+44 (0) 1367 701 500

5 Cloud Attacks To Protect Yourself From

May 22, 2020

Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform. Unfortunately, being such a hugely adopted platform comes with its own challenges. Hackers and cybercriminals are already spending more time infiltrating cloud systems, with a particular focus on AWS, Office 365 and other corporate favoured databases.

For the AWS user, the system is largely trustworthy as an entity, but becomes harder and harder to rely upon as more users are onboarded. If everyone within an organisation has access to the AWS console, the threat surface expands. Due to human error, a topic we’ve explored in great depth in our ebook series , it’s highly likely that someone will make a mistake at some point. Once the hacker is in the system, there is a plethora of collateral for them to abuse or take ransom.

The type of attack cloud based systems could suffer is varied:

  1. Data breach – a loss of data, resulting in a GDPR violation or worse.
  2. Denial of service hack – once inside, a hacker can remove access to the services within the cloud – affecting both staff and customers.
  3. Insider threats – human error or improper offboarding of ex-staff members could lead to leaks or data breaches.
  4. Hijacking – using phishing emails or similar, hackers can access your company data through a verified login.
  5. Insecure apps – employees must check before downloading an app, incase it’s a disguise for something more sinister.

Protecting such a huge system is highly challenging and requires adaptive solutions. Checkpoint’s Dome9 system is a comprehensive software platform for public cloud security. Using Dome9, cloud users can easily see their security status, detect unusual behaviours, enforce security best practices and protect against identity theft and data loss in the cloud. Dome9 is available for Amazon Web Services, Microsoft Azure and Google Cloud Platform.

It works exceptionally well in organisations because it doesn’t change current privilege models and it’s completely non-intrusive. In order to login to the cloud system of choice, users must authenticate themselves using the Dome9 app. This added layer of security makes it much harder for hackers to get in. Just in case a hacker does get past the identity protection measures, the system is booby-trapped to expose them before they can cause any lasting damage.

It’s so vitally important for cloud users to understand that the security of their cloud is not the cloud provider’s responsibility. Your data is still your data – therefore keeping it locked down is on your shoulders. Over the last few weeks, we’ve been producing blog posts and an ebook series to explain to our customers and readers what the digital migration we’re currently experiencing might mean from a security perspective. With many home workers still operating through cloud services and other platforms, security is more important than ever before. Coupled with a sharp rise in cyber-attacks during the Covid-19 pandemic, a poor security posture could become a spiralling issue.

To check out Stage 1 and Stage 2 of ebook series on protecting your staff and protecting the cloud, click here.

If you want to find out just how secure your current system is, our friends over at Checkpoint are offering a FREE cloud health check! To take them up on this generous offer.

As always, we’re here to answer your questions – anytime. So don’t hesitate to get in touch with the Core to Cloud team.

At Core to Cloud, we’re passionate about sharing the extensive knowledge base we have at our fingertips.

As always, if there’s anything we can do to help, please get in touch and if you have any specific questions please contact alex@coreotcloud.co.uk

 

Core to Cloud Ltd | LinkedIn

Consultancy for the planning and implementation of sustainable security strategies that meet expectation, embrace innovation and build foundations for secure digital business. Why Core to Cloud? We deliver solutions that help organisations to discover, defend and respond to the latest security threats on the horizon and to also ensure compliance.

If you haven't already, make sure to register for our live presentation on Thursday 5th November to learn about how NHS Trusts are benefiting from continuous Penetration Testing. Register here today. https://lnkd.in/d9Jbycp

Load More...

Certifications