BUSINESS SURVEILLANCE
SPIKE IN CLOUD ATTACKS SHOWS BUSINESSES WERE NOT PREPARED TO WORK FROM HOME
COVID-19 has brought about a work from home culture that is now the norm . Employees have therefore had to adapt and get to grips with the technologies they ’ re working with . Ryan Trost , CTO and Co-founder of ThreatQuotient , discusses the importance of investing time and money into giving employees the know-how when transitioning to a new cloud environment .
usinesses continue
B to place more and more data in the cloud , from personal details to intellectual property . The growing adoption of cloud-based solutions by businesses , whether for greater agility , data analytics or to support employees in accessing the data , for example when they work remotely or from home , also increases the risk of cloud attacks .
Back in December 2019 , I released a series of predictions for 2020 , one being the likelihood for a significant rise in cloud attacks in 2020 . Little did we know back then , nine months ago , that the outbreak of COVID-19 would occur , creating the perfect storm for cyber-attackers to take advantage of an incredibly disruptive period . This disruption meant businesses have been forced to adopt solutions at a rapid pace , potentially skipping usual protocols , and likely employee use of ‘ shadow IT ’ solutions .
The spike in cloud cyberattacks this year , with the term ‘ cloud ’ appearing 29 times in Verizon ’ s 2020 Data Breach Investigation Report , shows that businesses did not implement bestpractice cybersecurity measures before we all set up our home offices and started working completely from home .
As more and more remote employees place vital data in the cloud , this creates more entry points that are vulnerable and open for cyber-attackers to exploit . Recent research from Palo Alto Networks found over 1,700 malicious Coronavirusthemed domains are created every day and , despite a minority residing in public clouds , they are more likely to be missed
Ryan Trost , CTO and Co-Founder of ThreatQuotient
by less-complex firewalls . Between the anonymity cloud technology provides for cybercriminals and how easy it is for cloud administrators to misconfigure cloud settings ; it is no surprise adversaries seek it out .
One of the greatest threats to cloud providers is nation-state actors . When they discover a particular enclave where confidential data is hosted , such as an enterprise ’ s intellectual property , they could use a zero-day attack to escape containment and deploy a persistent threat to continue their lateral movements throughout the cloud provider . Or perhaps more simply , a determined engineer of your organisation could dump sensitive data into an external drive – either way , there are too many variables and unknowns
62 Issue 31 | www . intelligentciso . com