Cloud security has grown into a major issue for enterprises, as only one company in six encrypts all data, according to a Bitdefender survey. Just last month, some 48 million personal profiles scraped by LocalBlox for advertising purposes from websites including Facebook, LinkedIn and Twitter were accessible to anyone on the internet due to configuration errors in Amazon Web Services (AWS) S3 buckets. And this was not an isolated case; the Pentagon, Tesla, Verizon and Dow Jones are among other organisations that have also fallen victim to data breaches as a result of security loopholes in their cloud storage services.
A single vulnerable application on the server is enough to give cybercriminals a perfect entry point. Zakir Hussain -Director, BD soft, Country Partner of Bitdefender feels that cloud storage services along with SAAS/webmail providers are among the most targeted by phishing campaigns, especially in the finance sector, found the Anti-Phishing Working Groups. Organisations are excited about cloud services because they allow them to back up large amounts of big data at smaller rates. Even though businesses are widely adopting the cloud, they completely neglect security and privacy, allowing the attack surface to expand. Cryptojacking incidents, for instance, have grown by 8 per cent in Q2 2018, with 25 per cent of companies reporting this type of attack.
Some servers don’t even have passwords, not to mention more sophisticated security layers, which is probably why 27 per cent of companies, including Uber, Tesla, OneLogin, Aviva, and Gemalto, confirmed their accounts and sensitive information were compromised, according to the same research. What’s more, some 24 per cent are exposed to major security risks because their public cloud has not been patched. Over the past 12 months, vulnerabilities in cloud security infrastructure have already compromised MongoDB, Elasticsearch, Intel and Drupal, and more will follow because companies opt for hybrid cloud strategies that require a sophisticated security architecture.
Corporate databases are not properly encrypted. The industry did not really need a study to determine this, but some validation is always welcome to hopefully make enterprises more security-conscious. With GDPR right around the corner, it appears more companies are struggling to secure their networks to be compliant and fend off incidents....