- News & Resources: Listings >
- Blog
- How to Improve Safety and Security in Schools – Cloud Manage Network
- Top 10 Cybersecurity Threats in 2024
- Microsegmentation: Protecting Data from Cyber Threats
- Retail shoplifting and loss prevention: How to protect your business
- Generative AI Cost Optimization Strategies
- Why Do I Need to Protect My Cloud?
- 10 Reasons for Engaging Outside Experts to Manage Your Cybersecurity
- Why Hiring a 3rd Party MSP Expert Makes Sense and – and Cents (MANY cents!)
- Brand and Network Considerations When Adopting AI Corporately
- Integrating XDR, SIEM, and SOAR
- 3-2-1 –Go? Not so quick, this time.
- 5 Things a CISO Shoud Know
- 10-Step Patch Management Checklist
- Penetration Testing vs. Breach Attack Simulation
- Current big cyber breaches and impact on businesses
- Smart Infrastructure Gets Lit Up!
- Securing Industrial IoT: The Missing Puzzle Piece
- 7 Common Cybersecurity Mistakes Made by SMBs
- The Future of Physical Security: Cloud-Based Systems
- Autonomous and Sensor Technology Use Surging
- 2024 Facilities Trends Will Require Facilities and IT Teams to Work in Tandem
- NGFW vs. WAF. What’s the Right Firewall for You?
- Chris Hadfield’s Words To Live By
- Industrial Revolution 4.0 + IIoT
- Digital Fluency Drives Innovation
- Your Cloud Needs Protecting, Too
- Your building alarm systems could become obsolete. In 2024!
- Zero Trust 2.0: Zero Trust Data Resilience (ZTDR)
- We just got, or got used to, Wi-Fi 6. What is Wi-Fi 7?
- What Does the Board Need to Know? Business Metrics that CISOs Should Share – 4th and Last in a Four-Part Series
- Why 2024 is the Year for AI Networking
- International Women’s Day is Tomorrow – Great Time to Think About…
- Data-Centric Security Step One: Classifying Your Data
- The Network – Unsung Hero of Super Bowl LVIII
- What Does the Board Need to Know? Business Metrics that CISOs Should Share – Third in a Four-Part Series
- Boosting IT Team Performance by Fostering Intuition, Curiosity and Creativity
- Breach Remediation Costs Can Wipeout Bottom Line and Business
- Hoodied Hackers Now Favour Hugo Boss
- What Do You Need to Tell the Board? Business Metrics that CISOs Should Share – Second in a Four-Part Series
- How to Get People to Re-Engage After the Holidays
- What Does the Board Need to Know? Business Metrics that CISOs Should Share – First in a Four-Part Series
- Android Devices MUST be Updated + IT Departments Being Cut as Privilege Escalation Escalates
- Today’s Common Cloud Migration and Management Concerns
- Protect Your Healthcare Network from Cyberattack – Lives are at Stake
- Happy Halloween: Black Cats Lead to Boo….Hoo.
- Insurance Underwriters are Protecting Their Flanks
- Insurance Companies Cracking Down as Cybercriminals Become Better Business Builders
- Scary Cyberattacks Stats
- Parents, Profs and IT Professionals Perceive Back-to-School Through Different Lens
- Zscaler’s new IDTR and other tools that leverage generative AI
- Vanquish Vaping, Vandalism and Villainy
- Fabric for Fast-Paced Environments
- Changes to Cyber Insurance Requirements – What you Need to Know
- Cybersecurity Readiness – Newly Released Report
- Passwords Leaked…Again
- 10-Step Patch Management Checklist
- Remote – Again – For Now… and Still Maintaining Engagement
- Protecting Pocketbooks, Passwords and Property from Pilfering
- Raspberry Robin: Highly Evasive Worm Spreads over External Disks
- Cisco Introduces Responsible AI – Enhancing Technology, Transparency and Customer Trust
- Managing Customer Trust in Uncertain Supply Chain Conditions
- Hope on the Horizon
- Toys of Tomorrow… What will spark your imagination? Fuel your imagination?
- Protecting Purses and Digital Wallets
- The Password that Felled the Kingdom + MFA vs 2FA
- The MOE’s RA 3.0 and Zscaler
- 7 Critical Reasons for MS Office 365 Backup
- Penetration Testing Important, but…
- Social Engineering and Poor Patching Responsible for Over 90% of Cybersecurity Problems
- Breach Incidence and Costs On the Rise Again + 5 Ways to Reduce Your Risk
- Cybersecurity Insurance Policies Require Security Audits and Pen Testing
- Wireless strategies for business continuity gain importance as enterprise expand IoT, cloud, and other technologies
- How Cybercrooks are Targeting YOU
- Enabling Digital Transformation with Cisco SD-WAN
- WFH Post Pandemic – What It Will Look Like. What You’ll Need.
- Leaders to looking to the IoT to improve efficiency and resiliency
- Cyber Security Vernacular – Well, some of it, for now
- Why You Need Disaster Recovery, NOT Just Back-Ups
- 10 Reasons Why Having an Expert Manage Your Cybersecurity Makes Sense and Saves Dollars
- Converting CapEx IT Investments into Manageable OpEx
- The Hybrid Workplace – Planning the Next Phase
- Cisco Cloud Calling: Empowering Customers to Thrive with Hybrid Work
- When You Can’t Access the Cloud
- How to Keep On Keeping On
- New Cisco Research Reveals Collaboration, Cloud and Security are IT’s Top Challenges
- Threats from Within on the Rise
- Cloud Covered? If Not, Take Cover!
- Zero Trust and Forrester Wave Report
- Password Based Cyber Attack: Like Leaving Keys Under Doormats
- So, What’s Up With Sensors?
- Sensors and Systems Create a Digital “Last Mile” and Help Skyrocketing Costs
- Scanners Provide Peace of Mind for Returning Students and Workers
- Sensors Improve Operations and Bottom Line… Easily and Cost-Affordably.
- Cisco Meraki Looks at 2021
- 2020 Holiday Shopping: Cybersecurity and Other Tips to Safeguard Wallets and Systems
- How to make the most of the technology you have
- Personnel, Planet and Business Progress: More Interdependent Than Ever Before
- Sure… you can get them all in the boat – but can you get them to work well together?
- Pushing the Zero Trust Envelope – Cisco is Named a Leader in the 2020 Forrester Zero Trust Wave
- Cloud Data Must be Protected, Too!
- Don’t Let Anyone Get the Dirt on You – Make It Instead!
- How IoT Devices Can Help You and Your business
- WebEx – A World of Possibility
- Creating Your Breach Response Plan Now Will Save You Thousands Down The Road
- Been hacked? Here’s what you must do next.
- The Need for Pen Testing is At an All-Time High
- 5 Ways an IT Reseller Improves Your Performance and Peace-of-Mind
- 5G and Wi-Fi 6: Faster, more flexible, and future ready. Are you?
- Network and Data Security for Returning and Remote Workers + Disaster Recovery Symposium
- Collaboration and Cisco WebEx: Protecting Your Data
- Thursday’s Virtual Conference Tackles Today’s Supply Chain Trials and Tribulations
- 10 Tips to Reduce Cloud Storage Risk
- COVID-19 Crisis Fuelling IT Spending
- Supply Chain/Logistics Experts Share Their Expertise
- Cisco Breach Defence Overview
- Announcing Our New Website and Blog
Cloud Migration entering its 2.0 phase at a time when cybercrime is at an all time high, and the vector villains have become extremely sophisticated and well-organised.
Setting the Stage
Although cloud computing first started the 1960s, it wasn’t until Amazon launched AWS in 2006 that people start talking about the cloud as being something other than white, fluffy wisps in the sky. Even then, companies were slow to adopt the cloud, to some degree because there were insufficient applications available. That is no longer the case
Cloud adoption has almost doubled in the past three years, in part because the lockdown forced us all to change the way we work,
With nearly 90% of companies around the world already using the cloud to some extent in their businesses, you’d think that cloud migration would be old hat by now, yet cloud usage and security remain hot topic. Why is that?
Despite cloud usage being par for the course in business today, less than half of all organisations are cloud-native, or fully cloud-enabled. For instance, only 60% of corporate data is currently stored in the cloud, and less than 30% of corporate processes reside aloft.
From our partners, we know that nearly 60% of companies are seeking to optimize their cloud use over the next 12 to 18 months, while migrating more workloads to the cloud.
We’ve also seen an increase in companies moving from on-premises software to SaaS, because many of these applications have had time to mature. For these reasons, predictions are that cloud-related services will double over the next year and a half, to reach about $830 billion by 2025.
2024 – A Turning Point
In the face of this rapid growth, increasing numbers of IT specialists are sounding the alarm about the risks inherent in using the cloud.
Why?
It’s a bit of a chicken and egg situation. As more cloud-native applications are developed, and I mean truly useful, robust applications, more and more organisations are adopting cloud solutions. There are two reasons for this. One is that it enables any type of firm to easily, confidently and cost-effectively improve its corporate capabilities. The second is that by using SaaS options, OpEx budgets can be leveraged, rather adding to capital expenditures.
As more organisations subscribe to cloud-based services, the more these applications proliferate. Unfortunately, this also expands the attack surface, along with vulnerabilities that cyber criminals are increasingly learning to exploit.
About Attack Surface Vulnerabilities
An attack surface is made up of all the different ways a bad actor can gain unauthorized access to any system across the entire organisation. It includes digital and physical entry points.
Physical attack surfaces include all endpoints. The biggest area of vulnerability: Unmanaged assets. Typically, these orphans have fewer security controls, and act like beacons for the bad guys. So, threat vectors are programmed to scan networks looking for machines with lower patch levels, or are running on ports not accessed by most of the other devices on the network.
Sometimes companies discard hardware without having wiped login credentials or data – and this can also become fodder for cybercriminal activity.
Digital attack surfaces can include applications, vulnerabilities created by poor coding and weak passwords, servers, websites, ports, default operating system settings – and unpatched programs. The latter is especially problematic.
Last year, 28% of all successful breaches were attributed to poor patch management. Unfortunately, cybercriminals are aware of this, and have developed special programs to scan for vulnerable systems so they can exploit security gaps before they are patched.
Today attack surfaces are constantly shifting and expanding – and they are expanding into the cloud, too.
What? Vulnerabilities in the cloud?
Experienced IT people started asking that question some years back, with good reason. Luckily, so did the cloud providers.
Today, for the most part, the major cloud providers, Amazon Web Services (AWS), Microsoft Azure and Google Cloud – which provide two-thirds of corporate cloud services, and control 71% of the public cloud market – are pretty secure. Actually, the top eight global cloud providers all take security very seriously.
But… this doesn’t mean they are invincible. In May 2022, 6.5 TB of information belonging to Pegasus Airlines was exposed because of an AWS breach.
On July 11, 2023, Microsoft announced that a group of Chinese hackers known as Storm-0558 gained access to government agency and individual accounts in Europe and the US – and then used the stolen credentials to access other accounts. Although the hole has been patched, it underscores the vulnerability of even the largest cloud providers.
Does that mean corporations should feel secure, if they use one of the top eight providers?
Sadly, no. Companies are far less likely to encounter security problems with a major provider, but too many companies have become complacent when using the cloud, expecting the cloud provider to be fully-responsible for security.
In actual fact, the onus is on the individual companies to protect their perimeters.
Unfortunately, most of the cloud-related problems stem from improper or inadequate security practices on the part of the users.
Greatest Areas of Vulnerability – and What You Can Do
For those of you actively involved in your company’s coding, it’s a good idea to check if your credentials have been hardcoded into your source control management systems. Unit 42 recently surveyed thousands of organisations around the globe and found this to be the case for 83% of firms.
This is a huge vulnerability because these kinds of credentials that can be used cloud-centric cybercriminals to move laterally and vertically within the organisation. For this reason, cybercrooks quickly learn, or are taught, to ferret out susceptible cloud environments. Thankfully this weakness is relatively easy to shore up.
Another big problem is improperly configured cloud environments.
In fact, nearly two thirds of cloud security incidents in 2022 and 2023 were the result of misconfigurations related to permissions granted to individual or groups – most being granted far too much latitude. For this reason, Identity and Access Management (IAM) is crucial so that administrators can determine which users should be authorized to modify or otherwise engage with specific resources.
Some Identity and Access Management Approaches
It’s critical enough that it bears repeating: Investigations by multiple partners indicate that a major problem is providing too much access, to too many people. In fact, research suggests that 99% of cloud identities are overly-permissive.
At very least, administrator and user credentials should be separated, and access within the cloud should be limited/ restricted based on functional roles, following the “Least Privilege” guidelines, which are considered “best practice” today.
Using the Principle of Least Privilege (PoLP), users only have access to the specific resources, applications and data they need to perform the specific tasks associated with their role in the company.
Unfortunately, in the vast majority of organisations, permissions related to cloud access and usage often exceed what’s needed for the user’s position. By restricting access, you also limit where threat vector can go if an individual’s credentials are compromised. Using this approach helps organisations reduce their attack surface and improve their security posture.
It’s also important to ensure that all identities are de-provisioned when they are no longer needed, and/or the stakeholder is no longer associated with the company.
To make this process more efficient and effective, it’s good to centralize the management of user credentials. This is sometimes referred to as centralized IAM.
The Role of MFA in the Cloud
Multi-Factor Authentication (MFA) is an excellent first line of defence, and not just helping to protect corporate networks and endpoints.
Unfortunately, MFA is not routinely enforced for cloud users. Approximate three quarters of organisations do not have MFA on their consoles, and… console access is more susceptible to brute-force attacks. Indeed, such attacks are still responsible for 10% of successful breaches.
Additionally, over half of all firms do not require MFAs for their system administrators. Something else cybercriminal know and try to exploit.
As a starting point, it is highly recommended that MFA software, such as Duo, be adopted for all remote access. Research shows that 89% of organisations that fell victim to hackers through compromised emails, had no MFA protection on key Internet-facing systems, including their VPNs.
It is also important to implement MFA internally, so that the user needs to be verified each time he, she or they move to a system or platform with a different trust level, based on the company’s permission policies. This will provide you with a layered defence, making it harder for threat vectors to successfully worm their way to deeply into your network – especially if you implement a Least Privilege approach.
Cybercriminals who focus on cloud penetration follow different set of tactics, techniques and procedures, by targeting cloud vulnerabilities and then determining how to hop, skip and jump from one system to another, moving laterally and vertically within the network.
What Can You Do to Protect Your Cloud, Edge, Networks and Endpoints?
-
Use MFA (e.g. Duo) on all users and administrators, on every portal, credentials, workstation, server, etc.
-
Have fully- automated back-ups, with redundancies, of data, network and configurations.
-
Develop comprehensive breach response and business continuity plans + Practice Routinely.
-
Develop Disaster Recovery Protocols + and test on regularly with full back-up from scratch.
-
Set privacy policies with centralized IAM and adopt “Least Privilege” Approach.
-
Introduce a 3rd generation route with tools to prevent Darkweb or Tailscale networks from connecting to or from your network.
-
Conduct a security audit and on-going pen testing.
-
Institute Darkweb and cybercrime awareness train for all employees and stakeholders accessing network.
-
Install an organisational password management tool.
-
Install antivirus protection such as Cisco’s AMP on all endpoints (yes, even on MACs).
-
Implement EDR (equipment IT security threat detection) on all devices.
-
Review your cyberinsurance policy and ensure you remain compliant
By implementing these relatively simple steps, organisations have a pretty good chance of staying at least one step ahead of the cybercriminals.
If you would like more information, please contact us at [email protected] or call us at 416.429.0796 or 1.877.238.9944 (toll free).