
Enterprise cloud deployments being exploited by cybercriminals

20 Feb 2019

A new report from Check Point Software Technologies has revealed there is a lot of uncertainty surrounding cloud security breaches - which are on the rise.

According to the cybersecurity specialist’s third instalment of its 2019 Security Report, cybercriminals are increasingly targeting the weakest and least protected points in an organisation’s IT infrastructure - the public cloud and mobile deployments.

The report reveals the key cyber-attack trends used by criminals to target enterprise cloud and mobile estates during 2018. It also reveals enterprise IT and security teams’ key security concerns about these deployments.

It shows there is certainly cause for alarm, as almost one in five organisations around the world had a cloud security incident in the past year with the most common incident types being data leaks/breaches, account hijacks, and malware infections.

IT professionals surveyed for the report were then asked to list what they perceive to be the top four public cloud security threats. Misconfiguration of cloud platforms leading to data loss or breaches was the most prominent at 62 percent, followed by unauthorised access to cloud resources at 55 percent, insecure interfaces and APIs at 50 percent, and finally hijacking of accounts or data traffic at 47 percent.

However, by no means does this show that IT professionals are aware of the swelling issue. A staggering 30 percent still believe security is the responsibility of the cloud service provider. Check Point says this concerning finding negates recommendations that cloud security should follow the mutual responsibility model, in which security is shared by both the cloud provider and the customer.

According to Check Point, a single misconfigured cloud workload or storage instance is all it takes to open the gates to a potential attack with huge repercussions.

Hardware chip vulnerabilities that can be found in the systems that make up cloud infrastructure - like Meltdown, Spectre, and Foreshadow - are also exposing data to cybercriminals.

Another possible driver of this targeting of cloud infrastructure is that revenue from other activities like cryptojacking and ransomware continues to decline.

“The third instalment of our 2019 Security Report shows just how vulnerable organisations are to attacks targeting their cloud and mobile estates because there is a lack of awareness of the threats they face and how to mitigate them,” says Check Point Software Technologies Cloud Product Line head Zohar Alon.

“As nearly 20 percent of organisations have experienced a cloud incident in the past year, it’s clear that criminals are looking to exploit these security gaps.”

On the mobile deployment side, the majority (59 percent) of IT professionals are not using mobile threat defences capable of detecting leading threats including mobile malware, fake or malicious apps, man-in-the-middle attacks and system vulnerabilities.

This is perhaps because just 9 percent consider threats on mobile devices a significant security risk, despite Check Point asserting that malware can propagate from unprotected mobile devices to organisations’ cloud or on-premise networks, exploiting this weak link in enterprise security defences.
