Cloud Data Security – 5 Attacks to Watch for in 2019
Every year, cybersecurity specialists predict that the next year will bring with it larger, more sophisticated attacks. And every year, they’re right! In 2018 alone, we experienced a breach of 50 million users at Facebook, 150 million users compromised at Under Armour, and 340 million records breached through Exactis. It has become commonplace to experience large-scale breaches of personally identifiable information as well as financial information. And it isn’t only these megalithic entities that are at risk.
The March to the Clouds
Cloud computing continues to grow. By the end of this year, only a small fraction of core business utilities will remain on-premise. Platform-as-a-Service will be the fastest growing subset of cloud-based infrastructure, and subscription-based Software-as-a-Service will continue to grow. By 2020, IaaS will reach $72.4 billion worldwide.
This dramatic growth comes at a cost – and that cost is usually security. Cybercriminals love change because change introduces new opportunities for them. While already moving data and applications to the cloud, many organizations still haven’t figured out their cloud data security strategies. However, moving to the cloud isn’t an option, but a requirement. Cloud resources are scalable, accessible, and low-maintenance, making it a virtual necessity for modern business.
Unfortunately, cloud-based solutions are particularly vulnerable to phishing, social engineering, and account takeover, as they can be accessed from anywhere and falter when they are poorly secured. Plus, regardless of where your data is stored – on premises or in the cloud – once an employee’s credentials have been compromised, so has the data. Cloud solutions that are not properly secured will eventually be compromised, as there are more cyberattackers (and more cyberattacks) each day.
Cloud Cybersecurity Threats To Watch Out For in 2019
In 2019, companies should prepare to see the following threats:
- API security flaws. APIs are a common component of SaaS solutions – and though they are incredibly useful, they can also be incredibly vulnerable. Businesses are going to need to become more vigilant in their due diligence when selecting new third-party solutions and when vetting APIs before connecting them into their direct infrastructure.
- Insufficient out-of-the-box security. If there’s one thing that this past couple of years have taught us, it’s that even the big cloud providers (such as Box) are vulnerable. In fact, many of the largest solutions proved to be the most vulnerable (such as Facebook), as their sprawling platforms could hide issues for some time. Out-of-the-box security solutions for many cloud-based applications aren’t sufficient to truly keep data safe. And while the companies that are offering cloud services will undoubtedly focus more on security in 2019, businesses shouldn’t rely upon them to keep their data secure.
- Cryptojacking. Cryptojacking spiked in popularity in late 2017 and early 2018, but it’s still around and will continue to be a significant issue throughout 2019. Cryptojacking was most prominently seen with the WannaCry worm, which proliferated quickly across a multitude of platforms. Cryptojacking attacks are more frequently targeting enterprise cloud environments, which have access to significantly more computing capacity than the average home PC. For example, it was revealed in February of 2018 that Tesla suffered a cryptojacking attack.
- AI-based attacks. Imagine a cybersecurity attack that can react to what you’re doing, assessing the security solutions that are present and finding the best strategies to get around them. Criminals can use artificial intelligence (AI) to analyze vulnerabilities in a cloud environment on-the-fly and launch coordinated attacks against a system with the goal of eventually breaking it down. Though we have not seen any significant AI-driven threats yet, they are likely to come in 2019 as criminals improve their ability to leverage this technology.
- Ransomware. While it may seem like ransomware is not as big a threat as it once was, it’s still common. While cloud services provided by industry heavyweights like Amazon, Google, or Cisco have plenty of resources to defend against ransomware attacks (though even that doesn’t make them impervious), smaller cloud providers are not necessarily in that position. Whether its IaaS or SaaS, cloud-based platforms are still susceptible to ransomware and will undoubtedly be targeted in 2019.
Understanding the threats to come is the first step towards protecting your organization from them. Cloud data protection requires that you invest in proactive defensive measures – and these measures will need to evolve as technology evolves and grows. Many organizations are not able to effectively protect their own infrastructure but instead must invest in a cloud data security partner that can remain on top of emerging security issues, and can leverage the most advanced technology available.
It’s Time to Take Action
If your organization hasn’t taken action to modernize your cybersecurity as you migrate data and services to the cloud, 2019 is the year for you. It’s not a stretch to say that 2019 will likely see a substantial ramp up of cyberattacks as they become more lucrative and easier to deploy. Cybercriminals now have access to advanced technologies and resources, and businesses and indeed economies have been developed solely around cybercrime.
As the cloud migration continues and threats become more sophisticated, so too, must cybersecurity. It’s time to improve upon your cloud data protection and invest in your security infrastructure. Lastline Defender can help. It uses artificial intelligence and machine learning to detect attacks early in their lifecycle, before any data has been lost, and virtually eliminates false positives. Please let us know if you’d like to learn more.
Latest posts by Swarup Selvaraman (see all)
- Cloud Data Security – 5 Attacks to Watch for in 2019 - January 8, 2019
- Zero Trust: The Right Way to “Never Trust, Always Verify” - December 18, 2018
- Why Phishing Requires Additional Security - September 12, 2018