As more companies store their data in the cloud, it becomes an attractive target for hackers and criminals. Cloud account hijacking is one of the latest attempts to seize control of services and data for criminal purposes, leaving CISOs and IT managers with another headache as they look to defend businesses that demand an ever-growing cloud footprint. A recent cloud security study from IFP revealed that account hijacking is the biggest threat.
In the rush for productivity improvements and cost reductions, CIOs are migrating to the cloud from their own servers and on-premises applications. Many new firms are operating cloud-first, with none of the legacy baggage of their predecessors.
But those burgeoning databases of customer information, business data, proprietary information and - best of all - bank or credit card details, make a tempting target for criminals armed with years of experience in phishing attacks to gain access details and knowledge of many cloud service weak spots to claim their loot.
Strong cloud security requires strong leadership
Equip your team with the right tools to improve visibility, reduce risk & respond to threats faster.
VISIT THE HUB ifp.ClickDetails"What is cloud account hijacking?
Cloud account hijacking is just one of many threats that CISOs and IT needs to address when accounts are compromised by malicious actors.
The typical cloud hijacking goes something like this:
- A company doesn’t change its default cloud service password
- Some cloud access credentials are exposed somewhere
- Someone in the company falls victim to a phishing attack
While most tech workers are well aware of the risks and get training about phishing and other attacks, it takes just one stressed worker with enough on their plate to reply, and the damage is done.
Once a criminal has sufficient privileges and access to any cloud service, they can lock legitimate users out, or steal the data stored in that service. Imagine an entire company being locked out of its productivity applications, or the finance team blocked from accessing the company’s accounts.
While some cloud service providers will have security to limit these types of breaches and hijacks, it’s up to the business to secure its cloud and ensure access is protected.
What are the risks associated with cloud account hijacking?
Losing access to your company data is just the start of many business nightmare scenarios. The data could be hijacked and held for ransom, as in many profile cases, most recently, the US Colonial Pipeline attack where the firm paid $5 million in an attempt to restore services and recover a reported 100GB of cloud data.
In most instances, firms are locked out of their applications and data, and even if they pay a ransom, services are never returned. This means the business needs to recover data from existing and accessible backups, and restore their services afresh.
Even in less extreme examples, a company can lose hours or days of work if their cloud is hijacked, and have to catch up in a hectic series of updates once access is restored. Not only do firms lose money, but they can also fall behind on orders or production, and if the issue becomes public, companies can suffer reputational damage and lose orders as a result.
Tips to prevent account hijacking attacks in the cloud
The best defense for any cloud is a multi-layered approach to security. This starts with the human factor, with top-down awareness through the business of the risks, training about phishing and scams.
1. Close collaboration between CIOs and CISOs is key
When researching various cloud providers or replacing ones that don’t provide adequate security protection, it’s vital that CIOs collaborate closely with CISOs. That goes for services, compute and storage, ensuring they meet compliance and governance standards, and the other complexities of a modern cloud.
2. Restrict access to cloud services to authorized users
The IT team needs to ensure that each service is secure, that only authorized users have access to services, and every credential and password is secured. Most cloud services require additional layers of protection like cloud access security brokers (CASBs), next-gen firewalls and other tools.
3. Embrace cloud tokenization
When it comes to protecting regulated data like credit card details, personally identifiable information (PII) and government or health codes, many firms are adopting cloud tokenization to support or replace encryption tools. Another step forward is in zero trust solutions that add verification layers to ensure only legitimate access is granted to valid users.
4. A cloud disaster recovery plan is a must
Firms also need to have adequate disaster recovery procedures in place that are regularly tested to work as the cloud footprint grows, big data creates pressure on the business to adopt more automation and fresh risks are created.
There’s no one size fits all solution to cloud security. Instead, each CISO, IT security or cloud leader and team will have to build their own approach that meets the business needs, while providing the most flexible and rigorous layers of defense. And every time a new cloud service is adopted, they’ll need to ensure it’s integrated into the security scheme and doesn’t create any new weak points.
Cloud security is a never-ending battle, with new threats appearing, employees finding creative ways to work that may create a risk, the creation of shadow IT being one of the most critical, and criminals exploiting new avenues of attack. Increasingly automated protection services will help IT create these defenses, but CISOs will need to fight for the budget to adopt them, and ensure that manual oversight is alert to each and every issue, ready to react if needed.
Further reading:
- 5 Major Cloud Security Breaches and How to Boost Your Defenses Against Them
- Data Sovereignty and Cloud: How Do You Ensure Compliance?
- How to Lock Down the Cloud Control Plane with CSPM
- 9 Key Questions to Ask Every CASB Vendor
Access the latest business knowledge in IT
Get Access
Comments
Join the conversation...