How to identify and mitigate cloud-based cyber attacks
Sprawling IT estates with a vast network of endpoints need a strong security strategy, advanced threat detection, and, ultimately, a human touch
Cyber attacks may be an inevitable part of modern life, but that doesn't mean businesses simply have to put up with them. It is possible to take both a proactive and a reactive stance on securing your organization. The reality is that this takes hard work and constant evolution of strategy to move from theory to practice and stay safe from harm.
Take this year's breach at The New York Times, for instance. A GitHub repository was compromised at the start of the year, after a 4chan user claimed to have stolen "basically all source code belonging to The New York Times Company". The cache was estimated at around 273GB of data, including IT documentation, infrastructure tools, email marketing campaigns, ad reports, and source code for other NYT-owned platforms such as Wordle.
This example highlights that there are many ways to get inside a modern company, and knowing how to identify the risks and mitigate cloud-based cyber threats is the best way to keep your organization and its data safe.
Cloud-based security
When people talk about cloud security, they are generally referring to securing cloud-based computing systems such as online storage platforms and SaaS applications: essentially anything that uses, stores, or transfers data. Keeping these systems safe requires a host of different elements, strong government-level regulation, and every person in the company adhering to best practices at all times.
Cloud providers that host services on their own servers over 'always-on' internet connections are responsible for maintaining a high level of security, not least because it builds trust among their customers. However, cloud security is also the responsibility of the customer, and understanding where the provider's responsibility ends and the customer's begins is key to a healthy cloud security setup.
At a very basic level, this includes data security and data retention, identity and access management, IT governance, and legal compliance. It covers backend systems such as servers, and also every endpoint used within the organization, such as laptops and desktops. In large enterprises, this is often an ever-growing map of possible entry points for unauthorized parties to probe.
Expect the worst
Historic and emerging threats were a key focus of the Cloud Security Alliance's (CSA) recently published top threats for 2024 report.
“It’s tempting to think that the reason the same issues have remained in the top spots since the report was last issued stems from a lack of progress in securing these features. The larger picture, however, speaks to the importance placed on these vulnerabilities by organizations and the degrees to which they are working to build ever more secure and resilient cloud environments,” said Michael Roza, co-chair, Top Threats Working Group, and one of the paper’s lead authors.
The top threats in listed order were:
“Given the ever-evolving cybersecurity landscape, it’s difficult for companies to stay ahead of the curve and mitigate their financial and reputational risks. By bringing attention to those threats, vulnerabilities, and risks that are top-of-mind across the industry, organizations can better focus their resources,” said Sean Heide, the CSA’s technical research director.
As negative as it may sound, planning for the worst-case scenario is arguably the best advice when it comes to cybersecurity. With a plan in place, you give yourself every chance of fighting off whatever comes your way, and trust us, something will come up eventually. Having a strategy for the worst-case scenario(s) fortifies defensive systems and protocols, and enables a robust response should a threat surface.
But where should you start? Detection systems that monitor network traffic or system activity for malicious behaviour are a good first item on the list. These generate alerts and can even trigger automated responses, taking some of the burden off thinly stretched IT teams. Any automated response should be narrowly scoped (quarantining a single host or blocking a single sender, for example) so that a false positive cannot take down a production service.
Endpoint detection and response (EDR) services are also key. These are designed to protect individual endpoints such as the computers, laptops, and mobile devices your staff use, as well as the myriad IoT devices on your network. However, when we talk about endpoints, we also mean the communication apps accessed through them. Here, users are in the firing line for phishing attacks via email or WhatsApp, but a good threat detection program can monitor those channels. The end user will have a report button, but a detection system can spot the pattern across many inboxes, judge whether the volume indicates a targeted campaign, and stop it as early as possible.
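To make the detection idea above concrete, the following is an added example, not code from the article or from any vendor product it mentions. It runs simple campaign-detection logic over a few constructed mail-gateway log lines: messages are grouped by the infrastructure they share (sender domain and URL host), and if a single group reaches several distinct recipients inside a short time window, the detector raises one alert with narrowly scoped automated actions rather than one alert per message. The log format, the lookalike domains, the ten-minute window and the three-recipient threshold are all assumptions chosen for illustration.

```python
"""Toy phishing-campaign detector over constructed mail-gateway logs.

Added example only; the log line format, domains and thresholds are
assumptions for illustration and do not come from any real product.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample log (not real traffic). One lookalike domain hits four
# staff inside four minutes; another hits three staff spread over a whole day.
SAMPLE_LOG = """\
2024-06-03T09:01:12Z recipient=alice@example.com sender=it-support@examp1e-login.net subject="Password expires today" url=https://examp1e-login.net/reset
2024-06-03T09:01:40Z recipient=bob@example.com sender=it-support@examp1e-login.net subject="Password expires today" url=https://examp1e-login.net/reset
2024-06-03T09:02:05Z recipient=carol@example.com sender=news@vendor.example subject="June product update" url=https://vendor.example/news
2024-06-03T09:03:30Z recipient=dave@example.com sender=helpdesk@examp1e-login.net subject="Action required" url=https://examp1e-login.net/reset
2024-06-03T09:04:10Z recipient=erin@example.com sender=it-support@examp1e-login.net subject="Password expires today" url=https://examp1e-login.net/reset
2024-06-03T09:05:00Z recipient=alice@example.com sender=it-support@examp1e-login.net subject="Password expires today" url=https://examp1e-login.net/reset
2024-06-03T10:15:00Z recipient=frank@example.com sender=hr@payro11-portal.com subject="Updated payslip" url=https://payro11-portal.com/view
2024-06-03T12:40:00Z recipient=grace@example.com sender=hr@payro11-portal.com subject="Updated payslip" url=https://payro11-portal.com/view
2024-06-03T15:05:00Z recipient=heidi@example.com sender=hr@payro11-portal.com subject="Updated payslip" url=https://payro11-portal.com/view
this line is malformed and must be skipped, not crash the detector
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) recipient=(?P<rcpt>\S+) sender=(?P<sender>\S+) '
    r'subject="(?P<subject>[^"]*)" url=(?P<url>\S+)$'
)


def parse_line(line):
    """Parse one assumed-format log line; return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["sender_domain"] = ev["sender"].rsplit("@", 1)[-1].lower()
    ev["url_host"] = (urlparse(ev["url"]).hostname or "").lower()
    return ev


def detect_campaigns(lines, window_seconds=600, min_recipients=3):
    """Raise one alert per (sender domain, URL host) that reaches >= min_recipients
    distinct mailboxes within any window of window_seconds."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])

    by_key = defaultdict(list)  # campaign infrastructure -> its messages
    for e in events:
        by_key[(e["sender_domain"], e["url_host"])].append(e)

    alerts = []
    for (domain, host), evs in by_key.items():
        # Sliding window: keep the largest set of distinct recipients seen
        # inside any window_seconds span of this group's messages.
        best, lo = set(), 0
        for hi in range(len(evs)):
            while (evs[hi]["ts"] - evs[lo]["ts"]).total_seconds() > window_seconds:
                lo += 1
            rcpts = {e["rcpt"] for e in evs[lo:hi + 1]}
            if len(rcpts) > len(best):
                best = rcpts
        if len(best) >= min_recipients:
            alerts.append({
                "type": "targeted_phishing_campaign",
                "sender_domain": domain,
                "url_host": host,
                "recipients": sorted(best),
                # Narrowly scoped automated actions: only this sender/host pair.
                "actions": [f"block_sender_domain:{domain}", f"quarantine_url_host:{host}"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_campaigns(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run on the constructed log, the detector raises a single alert for `examp1e-login.net`, listing the four affected mailboxes and the two scoped actions, while the slow-drip `payro11-portal.com` messages stay below the ten-minute threshold. Widening `window_seconds` to a working day catches that second campaign too, which is the trade-off a real tuning exercise has to make: a longer window finds slower attacks but also pulls more benign bulk mail into the same bucket, so the threshold and window are usually set per organization and revisited as alert volume changes.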
Managed detection and response
A managed detection and response (MDR) service offers a more holistic approach to endpoint security. An MDR is an outsourced service that identifies and responds to threats as soon as they are discovered, addressing the problems that cause today's businesses the most headaches.
It also helps with skill shortages and tight budgets; while larger organizations may be able to properly train or hire security professionals, smaller and medium-sized businesses may lack the skills to directly deal with complex threats. Enterprise companies may also face challenges when deploying complex endpoint detection systems, particularly if they’re short on time and expertise. A good MDR suite, however, will integrate EDR tools into its security implementation and make them an integral part of the detection, analysis, and response protocol.
Even enterprises with the budget to hire professionals to tackle cyber threats still struggle to recruit enough of them. An overlooked issue in cybersecurity is the sheer volume of alerts IT teams receive daily, which makes it nearly impossible to triage every malicious one, let alone correlate them and see the wider pattern. Smaller teams will be completely overrun.
An MDR, however, is designed to mitigate gaps in cybersecurity skills by taking the weight off in-house teams. That’s not to say that you won’t need any trained professionals, however. An MDR service will provide recommendations for changes based on its interpretation of security incidents. A skilled professional will be needed to contextualize the threat and dig deeper into the hows and whys of the event – a human touch is still an important part of the security strategy.
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.