Is 2017 set to be a tipping point for cloud threats?

Phil Muncaster

Thursday 16 February 2017

As the black hats look to mine your organisation’s most sensitive data and cause maximum disruption, what tools and techniques might help to stop them?

The past year has been a tech journalist’s dream, but a nightmare for the IT security teams tasked with keeping hackers at bay. Malwarebytes alone detected almost one billion malware threats in just six months (June-November 2016). Many more threats, designed to slip under the radar, will have gone unnoticed.

With employees of the average global enterprise using nearly 1000 cloud services, there’s plenty of opportunities for the bad guys to make mischief. They might be after sensitive corporate IP or customer data. Or they could be looking to disrupt services. Whatever their intentions, we need to get better at spotting and stopping cyberthreats.

Data breaches are never going to go away, but the risk of a major data theft has never been higher. Internal data is frequently breached via an unsecure third party, with password-based systems a common weakness. There’s also the risk of employees uploading sensitive data to a cloud service. Nearly half of all firms who experienced a breach last year said data was accidentally or intentionally exposed via a cloud service.

Targeted attacks are far more insidious, but the means to launch these covert raids are now widely available on the dark web. Trend Micro’s security predictions suggest some new and unexpected techniques designed to circumvent traditional security will emerge this year.

Ransomware was the break-out threat of 2016. It’s predicted to slow this year, but will remain a great, high-ROI way for hackers to make money. It could also be merged with data stealing malware to create even more mayhem.

Record-breaking DDoS attacks made the headlines last year and they’re set to cause more havoc this year. The problem will continue to be vulnerable consumer-grade IoT devices which enable hackers to create large botnets to power their denial of service campaigns.

Fighting back

While the threats will ramp up in 2017, there are a few things firms can do to mitigate the risks. Educating your employees to not click on links or open attachments on suspicious emails can help reduce the risk of infection. Staying up to date with all software and OS patches also helps reduce your organisation’s attack surface significantly. And consider either using a password manager to ensure enterprise credentials are hard to guess/crack or switching to two-factor authentication.

These simple steps can form a good foundational base for security. While a determined hacker will always be able to succeed, it’s about making it as difficult for them as possible, and then using threat intelligence and monitoring tools to spot an intrusion before it’s too late. With new EU data protection laws set to levy heavy fines from 2018, IT teams don’t have much time.


Building the next-gen data centre

Where traditional and web-scale apps co-exist