The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. In 2016, CSA released the article ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights’ to provide readers with a real-world glimpse into what is currently occurring in the security industry. InstaSafe has refreshed the 2016 article with new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified in the original paper.
“It’s our hope that these updates will not only provide readers with a more relevant context in which to evaluate the top threats but that the enhanced article will provide them with a real-world glimpse into what is currently occurring in the security industry.”
A data breach may be the primary objective of a targeted attack or simply the result of human error, application vulnerabilities, or poor security practices, CSA says. It might involve any kind of data that was not intended for public release, including personal health information, monetary data, personally identifiable information, trade secrets, and intellectual property. An organization’s cloud-based data might have value to different parties for various reasons. For example, organized crime usually seeks monetary, health and private data to carry out a variety of fraudulent activities. Activists might want to reveal data that may cause harm or embarrassment, and so on. The risk of a data breach isn’t unique to cloud computing; however, it consistently ranks as a prime concern for cloud customers.
1.2 Business Impacts
Although nearly any data breach can be problematic, the sensitivity of the data usually determines the extent of the damage. In many parts of the world, laws and regulations oblige organizations to exercise certain standards of care to ensure that sensitive information is protected against unauthorized use. When a data breach occurs, companies may incur large fines and may also be subject to civil lawsuits and, in some cases, criminal charges.
Clients frequently share their sensitive information with businesses, assuming the companies have the proper security measures in place to protect their data. As soon as a data breach occurs, customers will question the amount of trust they’ve put into a business. Furthermore, consumers want to believe that enterprises can not only prevent but also properly manage a potential data breach. The majority of consumers won’t do business with an enterprise they can’t depend on. This leads not only to a loss of business but also to a loss of credibility for the company. To add to the woes, once cybercriminals have this information, they can effectively damage a company’s competitiveness by providing these materials to industry rivals or by exposing the information to the public. This effect is heightened if the data breach is not discovered immediately and is allowed to continue for weeks or months at a time.
Cloud providers often have good security for the aspects they take responsibility for, but ultimately customers are responsible for protecting their data in the cloud. The best protection against a data breach is an effective security program. Two important security measures that can help companies stay secure in the cloud are multifactor authentication and encryption.
1.3 Anecdotes and Examples
In mid-2017, Zomato, an Indian restaurant search and discovery service, suffered a security breach in which over 17 million user records were stolen from the food-tech company’s database. The stolen information includes email addresses and hashed passwords of customers. The hacker responsible was willing to sell this data on a popular Dark Web marketplace. The contents included emails and password hashes of registered Zomato users with the price set for the whole package at $1,001.43 (BTC 0.5587) – BTC here stands for Bitcoins.
In 2018, roughly 150 million users of the MyFitnessPal app, owned by Under Armour, had their personal details leaked in a data breach, including usernames, email addresses and passwords. In a written statement issued on 29 March, Under Armour said that it became aware of the breach on 25 March, though it actually occurred in late February 2018.
In another such incident, Pizza Hut revealed that its website and app were hacked on 1 October, with personal information for an undisclosed number of customers being jeopardised. The hack is thought to have compromised billing information including delivery addresses, email addresses and payment card information containing account numbers, expiration dates and CVV numbers.
Pizza Hut has sent out emails to customers informing them of the breach, which reveals Pizza Hut knew of the breach two weeks before disclosing it.
1. The Treacherous 12 – Cloud Computing Top Threats in 2016
2. The scary side effects of a cyber breach
3. Zomato hacked: Security breach results in 17 million user data stolen
4. The most infamous data breaches