Malware, ransomware attacks and sophisticated phishing campaigns are all serious problems across cloud, on-prem or hybrid environments. Our reliance on the cloud in particular has created bigger, easier to penetrate, and more rewarding targets for cyberattacks. Defending against security threats in the cloud is complex, and traditional security technologies and approaches simply aren’t enough against the continuous waves of attack.
The way threats manifest in the cloud are different for 3 main reasons:
1) Complex configuration. Attackers know that cloud infrastructure is hosted in specific silos, owned and managed by the big cloud providers. They also know that these accounts are regularly misconfigured, which can lead directly to breaches as was the case for Capital One and Uber. One of the most severe cloud misconfigurations occurred in 2022, where 1.5 billion files pertaining to airport workers were exposed, potentially putting lives at risk.
2) Lack of designed-in security. The development of a cloud deployment is often undertaken at breakneck speed, and without the same level of involvement of the IT team who would have been more invested in the development of an on-prem security solution. Instead, the responsibility for a cloud environment often sits initially with DevOps teams, whose core concern is making fast, incremental steps toward launching. If security is not built into these incremental steps, it leaves the end product vulnerable.
3) High volume, high speed. The associated volume that these attacks can take place sets the cloud apart. As organisations place their faith in some of the biggest cloud providers in the world like Amazon or Azure, they do so in good faith that their data is safe. However, in practice, the very thing that gives the cloud its obvious business benefit also leaves it vulnerable. Cloud computing’s big benefits are in its speed and agility, but those are just the things that hackers can turn to their advantage by applying the power of the cloud against an increasingly accessible attack surface.
Traditional controls such as firewalls and IDS are not as effective in a cloud environment, due to the increasingly dynamic nature of workloads, the complex management requirements and the static nature of their rulesets. This means traditional security stacks fail to keep pace with the highly dynamic world of cyberthreats.
Usually, the first pass in securing the cloud environment is centred on access control and secure configurations. This isn’t enough, and the breach landscape reflects this. The Thales 2023 Cloud Security report found that more than a third (39%) of businesses have experienced a data breach in their cloud environment over the past year.
As a result of this failure of protection and appropriate configuration, things fall through the cracks. This is understandable when a lot of the associated best practices prescribed by the large cloud providers often provide different and conflicting advice, leading to the widespread security failings we currently see in the cloud.
With many organisations likely to be using multiple cloud providers, this failure to unify best practices across cloud platforms leaves gaps, and confusion. In this confusion, people will seek to find workarounds, which in turn lead to mistakes being made: Thales also found that human error is the leading cause of cloud breaches, identified by 55% of respondents.
The dramatic shift by cybercriminals towards automated attacks will continue, increasing the level and potency of attacks in cloud environments. The sad reality is this ever-compounding increase in attacks makes the current technology sets commonly used for cloud defences insufficient. Even if detection and response times are improving, the attackers are moving laterally in the network and establishing a foothold within a reducing time window.
A new way of safeguarding the future, powered by intelligence
The way to combat such a daunting threat landscape is with intelligence-powered defensive capabilities. Threat Intelligence provides us the knowledge and context to identify threats as they appear in the network and technology solutions now offer the ability to apply that intelligence in real-time to prevent attacks.
Enterprise cloud adoption is moving at such a rapid speed that security is sometimes an afterthought to the enterprises deploying it. And, unfortunately, the attackers targeting your cloud infrastructure also move with an increased speed and frequency.
The only way to stay up to date with the constant evolving and shifting attack vectors is to work with teams who can ensure that you are empowered with consolidated real-time threat intelligence derived from multiple reliable sources.
Aggregated, contextualised threat intelligence from multiple feeds give you access to a massively increased data set of known attacks, giving security teams a better chance of determining and defending against a security incident. This context, if properly deployed, buys a security team’s time by acting as a buffer to malicious activity, and allows security teams to regain some control of their environments, without impacting the flexibility and performance of their cloud infrastructure.
Cloud computing represents the new norm for solution deployment and will continue to expand at an unprecedented rate. The speed and flexibility that it brings provides enormous benefits as enterprise IT infrastructure. However, unless we accept that existing security stack technology and threat detection technologies are ill matched with the growing attack surface and threat vectors in the cloud, we may find that the technology provides us with more problems than solutions. Only by leveraging the vast threat intelligence being gathered by security researchers and applying it in real-time can we hope to stem the tide of crippling cyberattacks.
Fergal Lyons is a Cybersecurity Evangelist at Centripetal, based in Galway.