Monthly Archives: June 2019

Top 3 Challenges with Securing the Cloud

Cloud SecurityBy 2020,  it’s predicted that 83% of company workload will be stored in the cloud (Forbes).  This rise in usage and popularity comes at no surprise with how cost-effective and easy it is to manage systems in the cloud.

As more critical applications are migrating towards the cloud, data privacy and software security are becoming a greater concern.  With 60% of web applications compromised due to cloud-based email servers (Verizon 2019 DBIR), it’s time to take these concerns seriously.

The cloud has had its share of attacks over the years, from DDoS to data loss attacks and even data breaches.  Whether malicious tampering or accidental deleting, these attacks can lead to a loss of sensitive data and often a loss of revenue.

How exactly do we secure data and prevent against these attacks in the cloud?

The one way to truly secure your data in the cloud is through continual monitoring of your cloud systems. However, this is a challenging process for several reasons:

1.    Lack of Visibility

Cloud technology solutions often make the job of security providers more difficult because they don’t provide a single-pane-of-glass to view all endpoints and data. For this reason, you need a vast number of tools to monitor your cloud systems. For example, most cloud solutions send email notifications that provide some visibility into your environment.  However, these notifications don’t always provide enough insight into what exactly happened. You may receive an email alert about a suspicious login, but many of these alerts don’t give information about where the login attempt happened and what user was affected.

These vague alerts mean you have to investigate further; however, many of these cloud systems don’t have very useful investigative tools. If you want to find out more about the alert, you may be able to view the reports and read the logs associated with the activity, but that requires practice in knowing what to look for and how to interpret the information. This leads to another challenge in cloud security: lack of expertise.

2.    Lack of Expertise

It takes practice to be able to look at security logs and interpret what the activity means. Different cloud providers may produce different types of logs and it can be difficult to translate the many varying log types.

If you want to secure your cloud environment properly, you will need a team dedicated to configuring, monitoring and managing these tools. Through 2022, it’s predicted that 95% of cloud security failures will result from customer error (Gartner).  This reinforces the need to configure your cloud environment properly. Interpreting logs and configuring cloud systems requires skills that are developed overtime.  Many security professionals lack this particular expertise or the time required to properly develop these skills.

Those that do possess these skills and knowledge are in high demand, and there simply aren’t enough people to fill these positions.

3.    Lack of Resources

Implementing all the right tools and staffing appropriately to monitor these tools around-the-clock is not an inexpensive endeavor.  Luckily, there are services you can leverage to augment your staff and monitor your environment, such as a managed security services provider (MSSP).

MSSPs have the tools and resources to pull information from all of your different cloud systems and monitor them in one place.  With a full staff of experts on-hand at all hours, an MSSP is fully prepared to monitor and respond to incidents. They can help provide the expertise and visibility into your cloud environment required to properly secure your cloud systems.

The post Top 3 Challenges with Securing the Cloud appeared first on GRA Quantum.

Small and Mid-size Orgs: Take Notice of this Trend in the 2019 Verizon Data Breach Investigations Report (DBIR).

43% of breaches in 2018 involved small businesses. Hackers know you’re vulnerable and they’re acting on it.

We’re big fans of the DBIR over here, not just because we’re contributing partners and want to see our name in lights. Yes, we’re certainly guilty of initially jumping into the contributor section and searching for our logo, but after that, we devour the data. The report in itself is an easy read, and there is also a DBIR executive summary available for those that want a short overview.

At GRA Quantum, we’re experts at developing tailored security solutions for small organizations facing big threats —and the data in this year’s DBIR show that the threats facing these orgs are only growing. 43% of breaches in 2018 involved small businesses. And that makes sense, when you take the threat actors’ POV into account. Nefarious attackers know that small and mid-size businesses don’t have the cyber hygiene that’s expected of enterprise organizations. Yet, the personally identifiable information (PII) and the intellectual property of smaller organizations is just as valuable.

It’s not all bad news.

As more organizations, especially in the small and mid-size range, move to the cloud, hackers shift their focus to the cloud too. The DBIR showed an increase in hackers’ focus to cloud-based servers. Where’s the good news in this? Much of this hacking stems from stolen credentials AND can be prevented with better education amongst staff, paired with anti-phishing technology and managed security services. All affordable options for companies that don’t have hundreds or thousands of endpoints.

More good news: you can start protecting your small org today by implementing some cybersecurity best practices. We’ve developed a checklist to strengthen your cybersecurity program that can get you started. It’s more straightforward than you may anticipate, and you don’t have to be technical or in a security role to kick-off the initiative. In fact, the list was created for management in Human Resources and Finance departments. Items in the list that are easiest to implement include:

  • Enforcing a policy to require multi-factor authentication (MFA) to access all company systems
  • Creating an onboarding and offboarding policy, integrating HR and IT activities
  • Developing a third-party vendor risk management program
 Start taking this proactive approach to get ahead of the threats and strengthen your security stance today.

 

The post Small and Mid-size Orgs: Take Notice of this Trend in the 2019 Verizon Data Breach Investigations Report (DBIR). appeared first on GRA Quantum.