Private businesses and government contractors alike are increasingly relying on public cloud services to drive their core business functions – according to Gartner, global cloud spending will increase by over 20% to almost $500 billion. But the speed of cloud adoption often leaves cybersecurity by the wayside, leaving companies open to major risks.
In 2020, cloud represented the third most targeted cyber environment. That trend has continued, with 45% of organizations reporting a cloud-based data breach within the last 12 months according to Thales Group. But cloud infrastructure is increasingly secure, and vanishingly few cloud security incidents can be laid at the feet of cloud service providers (CSPs) – so why do these breaches occur?
In this article, we will answer that question, explaining the risk factors for cloud breaches, and how organizations can prevent them with better risk assessment, cyber training and security planning.
The Rise of Cloud Security Incidents
The number of companies experiencing cloud-based data breaches is climbing – the 45% of businesses who reported a cloud-based breach in the past 12 months is up 5% from 2021. But while cloud breaches can take many forms, they also share many commonalities.
In 2019, Facebook (now Meta) was involved in a data breach that affected hundreds of millions of users – while the issue was quickly resolved, it was a PR disaster for one of the largest social platforms on Earth. Two years later – in 2021 – software company Cognyte had more than 5 billion sensitive records exposed on the Internet, including names, passwords and email addresses.
The same year Cognyte was attacked, professional services company Accenture was targeted in a cyberattack by the LockBit group – over 6 TB of data was stolen, with ransomware actors demanding a $50 million payment. Because the company did not pay in time, it lost proprietary information.
What do all these incidents have in common? They are all cloud breaches that occurred within the past year, and all of them were caused by misconfigurations: Cognyte left a database unsecured – meanwhile, both Facebook and Accenture left an AWS bucket open to the public. These are all typical examples of the way cloud incidents occur today.
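An open bucket of the kind described above can be detected from the bucket's own settings. The following is an added example, not part of the original article: a Python check that reads a bucket policy, its ACL grants and its Public Access Block settings and reports what is exposed. The function names and sample data are assumptions constructed for illustration, and treating every Condition as "needs review" is a simplification of how AWS itself classifies public policies.

```python
import json

# S3's predefined group URIs; an ACL grant to either one is public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    """True for Principal "*" and for {"AWS": "*"} or {"AWS": ["*", ...]}."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def audit_bucket(policy_json, acl_grants, public_access_block):
    """Return (level, message) findings for one bucket's exported settings."""
    pab = public_access_block or {}
    findings = []
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _wildcard_principal(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if pab.get("RestrictPublicBuckets"):
            findings.append(("INFO", f"policy {sid}: wildcard principal, restricted by RestrictPublicBuckets"))
        elif stmt.get("Condition"):
            findings.append(("REVIEW", f"policy {sid}: wildcard principal behind a Condition"))
        else:
            findings.append(("PUBLIC", f"policy {sid}: anyone may {_as_list(stmt.get('Action'))}"))
    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI", "")
        if uri in PUBLIC_GROUPS:
            level = "INFO" if pab.get("IgnorePublicAcls") else "PUBLIC"
            findings.append((level, f"ACL: {grant.get('Permission')} granted to {uri.rsplit('/', 1)[-1]}"))
    return findings

# Constructed sample input (bucket name and VPC endpoint id are placeholders).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
]})
SAMPLE_ACL = [{"Permission": "READ", "Grantee": {
    "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]
```

Calling audit_bucket(SAMPLE_POLICY, SAMPLE_ACL, {}) returns one finding per exposure; passing the bucket's Public Access Block settings as the third argument shows which of them those settings already neutralize.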
Understanding the Shared Responsibility Model
When an organization stores data and applications on the cloud, it is leasing computing power, storage and networking infrastructure from a CSP, and working within a virtualized environment. While the CSP is generally responsible for the security of its infrastructure, the customer is generally responsible for the security of their assets residing in their virtual environment – this is called the “shared responsibility” model.
Today, most CSPs are heavily protected with multiple, redundant layers of security, including encryption at rest and in transit, firewalls, DDoS protection and more. Accordingly – while breaches on the infrastructure side do happen – they are rare. According to IBM, two-thirds of cloud breaches are caused by exposed Application Programming Interfaces (APIs), and – by 2025 – Gartner predicts that 99% of cloud breaches will be the customer’s fault.
For this reason, organizations can mostly trust the security of CSPs: what they need to be wary of is security vulnerabilities in their virtual environment, arising from user error and poor design.
Cloud Breaches: Top Five Causes
There is more than one way that an organization can leave their cloud platform compromised or exposed. Here are five of the most common:
1. Misconfigured APIs
APIs are provided by CSPs for the purpose of automation and easy access. Unfortunately, organizations often leave their APIs unprotected or poorly protected by mistake, allowing them to be freely accessed by malicious actors.
2. Poorly Protected Credentials
Unless an organization is using multi-factor authentication (MFA), nothing can stop a malicious actor from gaining access to a cloud environment if they have the right credentials. Data leaks, phishing attacks and exposed devices can compromise the credentials of privileged users, allowing attackers full access to administrative features.
3. Multi-Cloud Complexity
With the growth of multi-cloud environments that combine multiple cloud platforms together in one solution, organizations are facing increased complexity that can make it hard to stay secure. According to Check Point, 57% of organizations struggle to secure data in multi-cloud environments due to inconsistency between different vendors.
4. Vulnerable Third-Party Services
An organization that secures its cloud configuration perfectly can still be compromised if it is hosting vulnerable third-party services within its cloud environment. Like many other IT environments, cloud suffers from a software supply chain problem: organizations don’t know what dependencies exist in their products, or how they might be vulnerable.
5. Bad Virtual Machine Images
Infrastructure-as-a-Service (IaaS) companies typically provide their customers with the option of creating custom virtual machine images (VMI) to interface with their cloud environment, or using a default. Unfortunately, many default VMIs available from cloud providers come with unpatched vulnerabilities, malware or insecure firewall settings.
Impact of Poor Cloud Security
Given how much organizations depend on cloud-based services to run their business, a successful cyberattack on cloud environments can have wide-reaching impacts. These include:
- Data Exfiltration – malicious actors can steal sensitive data including user credentials, personally identifiable information (PII) about employees or customers, intellectual property and more. Data exfiltration is also a major blow to brand equity and public trust.
- System Takeover – when attackers infiltrate a cloud environment through compromised credentials, they can do more than steal – they can delete data and applications, change settings, and deface Web surfaces. Ultimately, an arbitrary degree of control is possible.
- Lateral Movement – once in the cloud, attackers can potentially transition to your organization’s internal network and IT systems, giving them access to local files and devices.
- Ransomware – cloud is one of many channels ransomware actors can use to encrypt data, lock users out of a system and demand ransom payment. While ordinary ransomware attacks are bad enough, ransomware attacks that spread through the cloud have the potential to be more far reaching.
Protecting Your Cloud Environment
While cloud surfaces have become a popular target for hackers, hackers themselves are not the biggest risk to your cloud environment – the biggest risk is failing to properly secure it in easily avoidable ways. Here are a few steps to prevent that from happening:
1. Invest in Cyber Training – cyber training can help employees to set better passwords, avoid phishing scams, and understand the importance of safety in a cloud environment.
2. Choose FedRAMP Certified CSPs – CSPs authorized under the Federal Risk and Authorization Management Program (FedRAMP) are required to follow NIST 800-53 security controls to protect their customers. They are also more likely than other CSPs to provide security features that make security breaches less likely from the customer side, such as multi-factor authentication (MFA) and warnings in the event of an exposed API.
3. Get a Risk Assessment – a comprehensive risk assessment will reveal potential vulnerabilities throughout your organization’s IT systems and may reveal organizational problems that make cloud misconfigurations more likely.
4. Implement a System Security Plan – under NIST SP 800-171, all government contractors are required to have a System Security Plan (SSP) for all systems that may handle CUI during the course of a contract – this includes cloud surfaces. Implementing an SSP will help your organization to recognize security gaps, and develop procedures around cloud development to reduce the likelihood of dangerous mistakes.
Cyber Expertise You Can Trust
Securicon helps your business to comply with Federal and regulatory requirements through program and risk assessments. With a team comprised of veterans from the U.S. security community – including DoD, DHS, and the U.S. Cyber Commands – we are equipped to provide organizations with gap analysis, compliance consulting, assessment support, and audit preparation. To learn more, contact us today.