The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. In 2016, CSA released the article ‘Treacherous 12: Top Threats to Cloud Computing + Industry Insights’ to provide readers with a real-world glimpse into what is currently occurring in the security industry. InstaSafe has released a refresh of the 2016 article that includes new real-world anecdotes and examples of recent incidents that relate to each of the 12 cloud computing threat categories identified in the original paper.
“It’s our hope that these updates will not only provide readers with a more relevant context in which to evaluate the top threats but that the enhanced article will provide them with a real-world glimpse into what is currently occurring in the security industry.”
Although cloud providers often do a better job of building their infrastructure with redundancy than many companies, it is still possible that some data could be lost forever. This could happen due to how errors are handled by the cloud provider, hardware failures, or an external attack.
With the increased discovery of vulnerabilities in core software components, it has become a challenge for cloud providers and users to keep their infrastructures up to date. Some recent critical software bugs, such as Heartbleed and Shellshock, attracted a lot of media attention, forcing providers and users to quickly patch these vulnerabilities before attackers exploited them.
The loss of privacy is still one of the main concerns of cloud users. Most data breach attacks that affected the cloud were directed at the web application itself or took advantage of poorly configured permissions in cloud implementations.
Data stored in the cloud could be lost due to hard drive failure, accidental deletion by the CSP, modification by an attacker, and so on. The best way to protect against data loss is therefore to keep proper data backups, which solve these data loss problems.
8.2 Business Impacts
Information may not be seen as a critical asset, but it is the lifeblood of virtually all modern organizations. It is the single most valuable asset most companies possess. The compromise of important data through deletion, alteration, unlinking of a record, or storage on an unreliable medium is a serious threat.
Data loss can have catastrophic consequences for the business. It leads to the loss of important data, of reputation (for businesses), of customers’ trust and sometimes even of the customers themselves, which may result in bankruptcy. Sometimes the loss of data may cause severe legal and policy compliance issues. More than one company has been forced out of business because management failed to take steps to ensure that it could recover critical information stored in the cloud.
8.3 Anecdotes and Examples
Amazon is an example of an organization that suffered data loss as its EC2 cloud suffered “a re-mirroring storm” due to human operator error, permanently destroying many of its own customers’ data in 2011.
Google was another organization that lost data when its power grid was struck by lightning four times.
The WannaCry ransomware cyber attack orchestrated over the weekend of the 12th of May should act as a stark reminder to companies that data backups need to be done regularly, that security solutions have to remain up to date and that user education is still a vital component of every security policy.
In July 2017, malware that at first seemed very similar to a 2016 ransomware called Petya began spreading across computers around the world. But while Petya was ransomware that demanded payment for unlocking the encrypted hard drives of infected systems, this new malware, NotPetya, was something far worse. Not only was it not ransomware, it encrypted all the files in an infected system, causing irreparable damage to its hard drives.
September 2017 saw another cyber attack on MongoDB, which affected 26,000 databases that were completely wiped out by three groups of hackers. The hackers demanded payment in the form of bitcoins in return for the data their victims had lost.
1. The Treacherous 12 – Cloud Computing Top Threats in 2016
2. The top cloud computing threats and vulnerabilities in an enterprise environment
3. Top 8 Cloud Computing Threats and its Security Solutions
4. Security Response
5. Ransomware on the rise: what were the biggest cyber attacks of 2017?