The cloud is more accessible than ever, especially with the proliferation of mass storage sites like Dropbox and Google Drive. Cloud use is global and applies at both the individual and company level. With regard to the latter, the average enterprise spends about a third of its IT budget on cloud-related services. 90% of companies also use a private or public cloud to some extent, according to a 451 Research report.
Unfortunately, as with anything online, there is an element of vulnerability that cyber-criminals will exploit. What are some of these common and dangerous risks, and what can you do to safeguard your data sitting in the cloud?
Common Attack Vectors in the Cloud
- Ransomware – ransomware is actually on the decline, though it’s still quite common. Bigger cloud providers like Google, Amazon, and Cisco have the resources to defend against ransomware. However, a smaller cloud service or private cloud may be more susceptible.
- Distributed Denial of Service (DDoS) Attacks – one may think that DDoS is a non-issue due to a cloud’s exceptionally large bandwidth. However, an attack is still possible by targeting a system located on a cloud platform.
- Insider attacks – Cyber-intrusion can be, and often is, an inside job, with the culprit being a trusted and unsuspecting staff member. In fact, one study suggests that inside attacks account for as much as 43% of all cyber attacks at the company level.
Hackers are able to gain access using varied methods, such as stolen credentials, brute force, or exploiting vulnerabilities. This has resulted in 681 million cloud-based attacks worldwide in 2018, according to one report.
Whether you’re an individual cloud user or operate a company-based cloud network, following the precautions below mitigates the ever-growing risks.
Two-Step Password Verification
Treat your cloud access the way you treat your most sensitive accounts, such as your online banking. One study from Deloitte showed that 90% of passwords are vulnerable to hacking. This is true even of passwords that are considered strong; that is, those that have a mix of capital and lower-case letters, numbers, and symbols.
You can greatly beef up security by enabling a two-step verification process. In most cases, the second step is a code sent to you via email or text that you enter after logging in with your username and password. Many people find the extra step a hassle, but it only takes an additional 30 seconds.
Businesses that utilize a cloud, whether a public, private, or hybrid one, should have a two-step verification process in place for all employees with authorized access.
Delete Unwanted Files
With hundreds of gigabytes of storage available, it’s all too easy to just let old files sit and gather digital dust. Some of these may contain sensitive data, such as tax filings or customer transaction information. As you accumulate more files in the cloud, you also accrue more sensitive information, making the ramifications far graver should a cyber-intrusion occur.
Cloud-to-Cloud Backup
All it takes is a single intrusion to lose all your data and files in the cloud, if that is what the hacker intends. Most cloud providers can retrieve deleted data within a short window of time. Consult with your cloud provider to determine this timeframe. In conjunction, we also recommend cloud-to-cloud backup: that is, having a secondary cloud service as a backup. Files that go into your main cloud also go into the secondary cloud.
Phishing Awareness Training
For companies, all it takes is a lapse in judgement by one employee to compromise cloud security. Provide training on the latest social engineering attacks, such as phishing and spoofing. When we say “training,” this is not a one-and-done affair. It requires regular, up-to-date training and policy updates. Training is especially vital if your workplace supports a bring-your-own-device (BYOD) culture where staffers are permitted to access the company cloud via their personal devices.
With Convenience Comes Extra Precaution
The cloud has made external storage solutions nearly obsolete. However, the trade-off is a new set of security concerns. Fortunately, you can greatly minimize risk to your personal or company data by making cloud security a priority without compromise.