This post is part of an ongoing blog series examining predictions and recommendations for cybersecurity in 2018.
To say that 2017 was a challenging year for organisations would be an understatement. As we become increasingly interconnected, businesses should look at cyberattacks as foreseeable events they should be planning for today. All businesses should maintain a good level of “cyber hygiene” wherein they regularly backup their data, patch their systems and applications, and reduce the attack surface of their digital assets as much as possible.
As we continue to transform the way we do business in 2018 by leveraging new technologies, we need to be aware of security concerns and act to reduce the risk rather than avoid these new technologies. It’s about being sensible and trying to stay ahead of cybercriminals by understanding current and potential threats, and what can be done to mitigate the risks.
1. The Cloud Is Someone Else’s Computer: You Still Need to Protect Your Information
Third-party cloud storage has been a recurring theme in the news of late, in particular Amazon's Simple Storage Service, otherwise known as S3. In AWS, there is a so-called “bucket” that is your organisation’s container for online data storage on the AWS cloud; and this can contain sensitive information.
Some organisations have had sensitive data exposed via misconfigured AWS S3 buckets. In recent months, we have seen exposure of sensitive files, passwords, home addresses, customer databases and information on over 180 million U.S. voters. In each case, a misconfiguration of the S3 buckets left the data freely accessible to anyone via the internet.
Buckets can have specific security settings, which is where the problem begins. The reason for that is human error.
AWS, like many other cloud providers, has a shared responsibility model. This means Amazon is responsible for the security of the cloud and infrastructure, which includes network, storage, and compute. The customer, on the other hand, is responsible for security of the data in the cloud. When you leave the data open for anyone to read, the exposure is clearly the fault of the customer and not AWS. This is not an AWS-specific problem, but one that applies to any other cloud platform or data repository.
Now, the challenge every organisation needs to consider is that if we leave the buckets open to be read, they are automatically exposed. The risk is greater for data that can be overwritten. If an adversary were to locate a bucket that could be modified, they would have the ability to upload malware into the bucket and overwrite files. In addition, if you were to store codes in a repository like this, people could make changes to those too.
Tools are already available on the internet to allow an adversary to easily search your organisation’s buckets using keywords. If the bucket happens to be open to read and/or write, then changes can easily be made.
With most businesses either embarking on or already leveraging cloud to store data, as well as migrate or build applications, every organisation needs to inspect and verify who is accessing its data/applications. Based on recent events, it’s foreseeable that someone will come looking for your information, but it’s up to you to manage the risk. Therefore, you should consider and get answers to the following questions:
2. Data Is the New Oil, and Integrity Is the Key
The basic principles of information security are confidentiality, integrity and availability.
Traditionally, most attacks target confidentiality and availability: an attacker compromises or steals your intellectual property or some form of data you have, and engages denial-of-service attacks to prevent you from accessing your information and/or systems. Businesses have become so used to looking at these two issues that we may have forgotten about integrity – yet that’s one area in which more challenges are appearing.
Data is the new oil. It propels businesses forward and dictates everything from business operations to the way governments roll out policy. As such, the risks data theft poses are well-understood. However, the dangers of hackers changing their approach and instead choosing to manipulate data are only just becoming clear.
Data integrity is the assurance that information can be accessed or modified only by authorised users. A data integrity attack compromises that assurance with the aim of gaining unauthorised access to modify data for any of a number of reasons, such as financial gain, reputational damage or simply making the data worthless.
Financial markets could be poisoned and collapsed by faulty data, such as through manipulating sales figures to inflate the value of a company’s stock. Utility companies, smart cities and other IoT systems, from traffic lights to the water supply, could be severely disrupted if the data they run on were altered.
Every organisation should begin the conversation now to prevent these types of attacks from being successful. As part of this conversation:
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.