Tierney - stock.adobe.com
Enterprise clouds hammered by cyber attacks during pandemic
Remote workers logging onto enterprise cloud service accounts are an easy access point for attackers, says McAfee
A steady stream of attacks on enterprise clouds during the first couple of months of 2020 has become a flood since the start of the Covid-19 coronavirus pandemic, with external attacks spiking by more than 600% in the space of a few weeks.
That is according to new statistics produced by cyber security firm McAfee using data drawn from 30 million users of its Mvision Cloud service. The Cloud adoption and risk report – work-from-home edition highlights what McAfee describes as “significant” and “potentially long-lasting” trends as the usage of cloud services, often accessed via unmanaged devices, spikes during lockdown.
It said such trends emphasised the need for security delivery models to change fundamentally, and urgently, particularly in industries such as financial services and manufacturing, which more usually rely on on-premise applications, networking and security, as well as the education sector.
“The move to widespread remote working has required many industries to adopt new cloud services in order to maintain staff communication and collaboration during such a challenging time,” said Nigel Hawthorn, data privacy expert for cloud security at McAfee. “However, it is important to recognise the increased threat from cyber criminals who see opportunity in cloud services that are not managed securely.
“Cloud and data security should be absolutely front and centre in informing any enterprise’s cyber security approach – even more so when they are increasingly reliant on the cloud. Without ascertaining where sensitive data resides or how it is used and shared, it is simply impossible for organisations to have an accurate picture of their security posture and where any vulnerabilities may be.”
Hawthorn said it was crucial for organisations to recognise their role within the shared responsibility model, making everyone accountable for cyber security, from enterprise IT teams, to managed service providers accessing their networks, down to individual employees.
“When managed correctly, cloud is the most secure place to do business and an incredible driver of business growth, innovation and resiliency,” he said. “Collaboration, strong data governance and regular staff training are the keys to making this a reality.”
The report highlighted that cloud-based unified communications and collaboration tools, such as Cisco WebEx, Microsoft Teams and Zoom, as well as Microsoft Office 365, were particularly at risk from attacks – which most often take the form of large-scale attempts to access accounts using stolen credentials.
Read more about cloud security
- A multi-cloud environment is not inherently more secure than a single cloud. Learn how to choose between single cloud vs multi-cloud for your organisation from a security perspective.
- Misconfigured cloud installations risk billions of records being exposed, damaging organisations’ finances and reputation, but paying attention to securing AWS storage buckets is a simple matter.
- Protect your hybrid cloud environment against these five common security vulnerabilities. Avoid the risks with established strategies and public cloud tools.
McAfee also observed that the level of insider threat to cloud environments remained largely constant during the survey period, suggesting that working from home has not had a negative influence on employee loyalty. But Rajiv Gupta, SVP of cloud security at McAfee, said the risk of threat actors targeting the cloud far outweighs any risk introduced by changes in employee behaviour.
“Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices,” he said. “Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organisation.”
McAfee urged organisations to re-evaluate their security postures as a matter of urgency to protect against attack. Some basic steps towards this could include: adopting a “cloud-first” thought process, shifting focus away from on-premise security; reconsidering network set-ups, as remote working reduces the ability for hub-and-spoke networking models to work effectively – direct connections through the cloud are more appropriate now; and consolidating and reducing complexity, with an eye on service interoperability.