
As consumers embrace information technology services, cyber-attacks are becoming increasingly prevalent. One Symantec cybercrime report reveals that data breaches cost US$114 billion annually. Considering that the report did not account for the time organizations spend recovering from the breaches, the costs may be much higher.

The Symantec report used survey data collection approaches, and 20,000 people provided their experiences. Approximately 69% of the participants from 24 countries confirmed that they have been victims of cybercrimes. The Symantec report estimates that 14 adults are attacked every minute. The sophistication of attacks is on the rise, and cybercriminals face fewer risks compared to physical attacks.

The InfoWorld website published the 2020 IDG cloud computing survey to explore emerging trends in the business application of cloud technologies. The survey indicates that over 500 IT specialists out of the total 551 interviewed spend a third of their organizations’ information management infrastructure on cloud services. Also, a majority of the representatives interviewed expressed an interest in increasing cloud services to half of their IT resources and applications.

Cloud Computing Models

IaaS (Infrastructure as a Service) provides clients with significant control over computing resources, but the model does not function under a plug-and-play design. Service providers deliver resources to their clients, who are not subjected to a subscription. Consumers pay for every package they prefer. One disadvantage of the model is that clients have a greater responsibility for the system infrastructure.

For PaaS (Platform as a Service), the end-user generates and deploys resources and has fewer responsibilities compared to IaaS. The platform is recommended for developers.

SaaS (Software as a Service) is convenient as clients do not have to install most of the software infrastructure. Customers can access data with an internet connection, and most service providers use a subscription model. A significant number of companies use SaaS to manage email and Customer Relationship Management solutions.

IaaS Model Vulnerabilities

Cybercriminals can rent virtual machines to launch attacks on other consumers in the network. Brute-force and DDoS attacks are among those that can expose consumers to data breaches.

SaaS Model Vulnerabilities

The model is vulnerable to internal and external attacks through strategies such as session hijacking and channel snooping within the network.

PaaS Model Vulnerabilities

While consumers have some level of control in the development of applications, there are vulnerabilities in the host and network security.

Global intelligence firm IDC published findings of a research study on cloud data vulnerabilities. Ermetic, an organization that specializes in cloud security, announced the IDC results, which reveal that approximately 80% of the firms surveyed had suffered at least one cloud-based breach within the last 18 months. Almost 43% of the companies reported having experienced at least 10 cyber-attacks. A total of 300 chief information security officers provided feedback on several challenges they faced. 67% of CISOs stated that security misconfiguration is a leading problem. 64% highlighted a lack of visibility into access structures and processes as their main challenge. 61% recorded identity and access protocols as a problem they are familiar with. An 80% majority of the professionals could not identify excessive access to confidential data in both PaaS and IaaS models.

The 2020 Verizon Data Breach Investigation Report revealed that hacking incidents were the main causes of information breaches, and misconfiguration failures were the second leading cause of data breaches. A majority of the organizations included in the study used IAM solutions, but they were inadequate in cloud system protection. Two-thirds of the sample population expressed that cloud-native functions that facilitated authorization and permission controls were a major priority. Also, security configuration was among the leading concerns. The on-demand characteristics of public cloud solutions influence behaviors that can be exploited by attackers. In a scenario where users accumulate excessive access permissions in a cloud framework, cybercriminals can steal sensitive data through the delivery of malware or by disrupting vital functions.

Findings of the IDC Cloud Access Investigation

  • The study gathered data from senior stakeholders that participate in IT decision-making in the United States. The industry distribution included 12% in Banking, 10% in Pharmaceutical domains, 8% in government capacities, 11% in Media, 10% in Insurance, 10% in Software solutions, 10% in Insurance, 9% in Retail, and 9% in Utilities. The companies ranged in workforce size from 1500 to 20,000 employees.
  • The top three threats to cloud security include security misconfiguration (67%), lack of access visibility (64%), and improper configurations of IAM and permission protocols (61%).
  • The major cloud security priorities include compliance monitoring, which constitutes 78%, the management of authorization and permission controls (75%), and the management of security configuration (73%).
  • The main cloud access security protection needs were in ensuring the confidentiality of sensitive information (67% prioritization), compliance with regulatory requirements (61%), and maintaining the proper level of access (53%).
  • Among the main cloud access security challenges were gaps in expertise, which comprised 66% of the survey population.

The Cost of Data Breaches

The 11th Annual Cost of Data Breach study funded by IBM provides benchmark findings on emerging trends in cybersecurity. The report, conducted by Ponemon Institute, was published in 2016. The investigation revealed average consolidated damage of $4 million in data breaches. Also, costs incurred due to stolen records rose from $154 to $156 in 2016.

Ponemon Institute researchers conducted interviews with IT specialists, information security personnel, and compliance professionals over a 10-month duration. The stakeholders represented 383 organizations in 12 nations. The findings indicate that approximately 25% of data breaches occur due to negligence, which is exploited by cybercriminals in a variety of attacks such as phishing, Distributed Denial of Service (DDoS), ransomware, and malware attacks.

End-to-End Encryption

End-to-end encryption (E2EE) is an effective approach to protect communication channels from unauthorized access. While the security protocol can decrease security vulnerabilities, a research study conducted by faculty at the University of Maryland identified that non-experts have a limited understanding of E2EE, but education campaigns can improve consumers’ ability to protect communication channels. The researchers used a qualitative approach, where the participants received short tutorials on E2EE systems. 62 subjects completed the screening survey, and a majority did not have any background in IT or computer science. The tutorials debunked misconceptions about the types of cyber-attacks E2EE can protect users against. The participants answered questions before the tutorials were issued, and follow-up questions were provided after the tutorial. The results indicate that emphasizing confidentiality and clearly expressing the limitations of the security protocol, particularly to end-users, reduced negligence risks.

Cloud solution vendors that educate their clients on the basic functionalities of the products offered can improve protection outcomes, as demonstrated by the research conducted by the University of Maryland. An emphasis on educating consumers about how products and services should be used over how they work can improve mental models associated with technology consumption.

Similarly, information regarding blockchain integration and radar tracking should be provided by the software vendors to enhance the appropriate use of the technology. Striving for simplicity can have positive user outcomes; thus, terms should consider clients without any background in IT.