In our latest webinar, HOSTING Chief Information Security Officer Johan Hybinette joined Stephen Coty, Chief Security Evangelist for Alert Logic to review the newly released 2015 Alert Logic Cloud Security Report. For this report, Alert Logic employed their proprietary big data security analytics engine to analyze more than one billion events and identify over 800,000 security incidents that occurred throughout 2014. Missed it? View the on-demand webinar and download the report for Johan and Stephen’s expert insights. Following are some highlights.
Cyber attacks are on the rise
While 2014 was billed as the Year of the Hack, 2015 also had its share of headline-grabbing data breaches and cyber attacks. As the report notes, “Companies both large and small are targeted daily by hackers seeking valuable data to monetize in the cyber underground.” At the same time, recent research indicates that 87% of organizations are taking advantage of cloud infrastructure, with an estimated spend of more than $200 billion in 2016. Big numbers for sure, but what do we glean from them?
- Organizations are making use of public clouds more than ever.
- Hackers have a larger attack surface to gain access to sensitive data.
Hackers are like most of us – pressed for time. So they want to invest their time and resources into attacks that will result in the biggest payoff. Since an increasing number of organizations are shifting their workloads, applications and sensitive data into the cloud, cloud environments are viewed as potential jackpots by cyber criminals. Hackers also know that many businesses mistakenly assume that cloud providers take care of all their security needs. The reality is that security in the cloud is a shared responsibility.
An organization’s industry and customers can dictate their threat profile
For this year’s report, Alert Logic performed industry analysis to identify trends in the types of cyberattacks. What they found was that businesses with a significant online presence for customer interaction are more likely to be targets of application attacks. Target industries include real estate, retail and financial services.
Application Attack – an attempt to exploit an application in order to harm, destroy or access the application or the data it stores. Examples of application attacks include SQL injection and exploitation of the Heartbleed vulnerability in OpenSSL.
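To make the SQL injection example concrete, here is an added illustration (not code from the webinar or the report) of the defect behind most injection findings: a login query assembled by string formatting, beside the parameterised version that closes the hole. It uses an in-memory SQLite table with two constructed accounts; the table, usernames, passwords and injection strings are all invented for the example.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Create a throwaway in-memory users table with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Vulnerable: user input is spliced into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    query = (
        "SELECT id FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened: placeholders keep the statement fixed; the driver hands the
    # values to the engine separately, so they can never change query structure.
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def demo() -> dict:
    """Run both login functions against legitimate and injected input."""
    conn = setup_db()
    # Constructed payloads: the first turns the WHERE clause into "... OR '1'='1'",
    # the second comments out the password check entirely.
    or_payload = "' OR '1'='1"
    comment_user = "alice'--"
    return {
        "vuln_legit": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_or_injected": login_vulnerable(conn, "nobody", or_payload),
        "vuln_comment_injected": login_vulnerable(conn, comment_user, "wrong"),
        "safe_legit": login_safe(conn, "alice", "s3cret"),
        "safe_or_injected": login_safe(conn, "nobody", or_payload),
        "safe_comment_injected": login_safe(conn, comment_user, "wrong"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
```

With the vulnerable function both payloads log in as a user that does not exist or whose password was never supplied; with the parameterised function the same strings are simply compared as literal text and rejected. Note also that the hardened version still stores plaintext passwords, which is only acceptable for a demonstration of the query layer.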
Alert Logic also found that businesses that have smaller online presences are more susceptible to traditional means of infiltration such as Brute Force and Trojan attacks. Industries such as agriculture are ideal targets for Trojans while industries such as computer services experience a high occurrence of Brute Force attacks.
Brute Force – An attempt to gain access to a system by repeatedly trying different user names and passwords, or cryptographic keys, until the correct user name/password combination or key is found. An example of a brute force attack would be a dictionary attack against an FTP or email server.
Trojan Activity – A Trojan is unwanted or malicious code that does not self-replicate. It may damage the system, cause data to be lost or stolen, or give a malicious user access to the system. Kazy and Superfish are examples of Trojans.
3 Things to consider when addressing your cloud security posture
A common mistake that companies make is to assume that once they engage with a cloud services provider, they are no longer responsible for protecting their applications, data and network infrastructure. While some cloud service providers (CSPs) offer managed services that include security, organizations play a significant role in their security postures as well. Following are three actions organizations should take to improve their cloud security postures.
1) Understand your threat profile
Maintain a solid understanding of the application types your organization deploys, the type of data stored and maintained, and any compliance mandates that must be addressed (e.g., HIPAA, PCI DSS, SOX). This will drive decisions regarding what security controls must be in place.
2) Start with your data
Many organizations look at technology first when planning out their security needs. Instead, start by analyzing your organization’s data and applications. Keep in mind that different data and applications may call for different security approaches.
3) Create a process playbook
Once you understand what data and applications need protection, Alert Logic recommends building your “process playbook.” Include responsibilities, stakeholders and incident response plans. And remember, no playbook is complete without a contingency plan.
10 Best practices for cloud security
During the webinar, Stephen and Johan provided a list of 10 best practices for establishing a strong cloud security profile.
1) Secure your code
Use encryption whenever you can, and limit employee access privileges to only what they need.
2) Create access management policies
Identify the data and infrastructure that require access controls, and define roles and responsibilities for the people who are responsible for them. Keep your access control simple by starting with the least privilege access model.
3) Classify your data
Identify data repositories and mobile backups. Understand what data your organization stores, uses and maintains to determine classification levels and access requirements.
4) Adopt a patch management approach
Identify all production systems and set up a regular patching schedule. Be sure to test all patches before releasing them into production.
5) Review logs regularly
Log review is an essential component of your organization’s security protocol. Regular log monitoring can surface malicious activity, provide the evidence that compliance mandates require, and reveal system performance problems.
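The brute force definition above (a dictionary attack against an FTP server) and this best practice meet in a log review that looks for it. The following is an added example, not code from the webinar or from Alert Logic: a small detector run over constructed vsftpd-style log lines. It flags any client IP with five or more failed logins inside a sliding 60-second window, records which user names it cycled through, and marks the case where a later successful login from a flagged source shows that a guess worked. The log lines, IP addresses, user names and thresholds are all invented for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed vsftpd-style log lines (not real captures). 203.0.113.5 walks a
# short user-name list and finally gets in as "bob"; 198.51.100.7 is a real
# user who mistypes a password once and then logs in.
SAMPLE_LOG = """\
Tue Mar 10 08:15:01 2015 [pid 2171] [alice] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 10 08:15:02 2015 [pid 2173] [admin] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 10 08:15:03 2015 [pid 2175] [carol] FAIL LOGIN: Client "198.51.100.7"
Tue Mar 10 08:15:04 2015 [pid 2177] [root] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 10 08:15:05 2015 [pid 2179] [carol] OK LOGIN: Client "198.51.100.7"
Tue Mar 10 08:15:06 2015 [pid 2181] [test] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 10 08:15:07 2015 [pid 2183] [ftp] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 10 08:15:08 2015 [pid 2185] [bob] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 10 08:15:09 2015 [pid 2187] [bob] OK LOGIN: Client "203.0.113.5"
"""

# Assumed line layout: "<weekday> <month> <day> <time> <year> [pid N] [user] OK|FAIL LOGIN: Client "<ip>""
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$'
)


def parse_line(line: str):
    """Return (timestamp, user, result, ip) for a matching line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["user"], m["result"], m["ip"]


def detect_brute_force(log_text: str, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Flag client IPs with >= threshold failed logins inside any window_seconds span.

    Returns {ip: {"failures": n, "users": [...], "success_after": bool}} where
    "success_after" is True if the same IP later logged in successfully.
    """
    window = defaultdict(deque)  # ip -> deque of (timestamp, user) for recent failures
    alerts = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines this parser does not understand
        ts, user, result, ip = parsed
        if result == "FAIL":
            q = window[ip]
            q.append((ts, user))
            # Drop failures that have aged out of the sliding window.
            while (ts - q[0][0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    ip, {"failures": 0, "users": set(), "success_after": False}
                )
                alert["failures"] = len(q)
                alert["users"].update(u for _, u in q)
        elif ip in alerts:
            # A success from an already-flagged source: the guessing paid off.
            alerts[ip]["success_after"] = True
    return {
        ip: {
            "failures": a["failures"],
            "users": sorted(a["users"]),
            "success_after": a["success_after"],
        }
        for ip, a in alerts.items()
    }


if __name__ == "__main__":
    for ip, alert in detect_brute_force(SAMPLE_LOG).items():
        print(ip, alert)
```

The distinct user names per source are what separate a dictionary attack from one person mistyping a password; the single failure from 198.51.100.7 never reaches the threshold and produces no alert. In practice the threshold and window would be tuned to the service, and a flagged source with `success_after` set should be treated as a confirmed account compromise rather than a noisy scan.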
6) Build a security toolkit
Stephen listed many components to include in a security toolkit. Some essential elements include:
- Encryption solutions
- Antivirus protection
- Malware detection
- Intrusion detection systems
- Web application firewall
7) Stay informed of the latest vulnerabilities
Cyberattacks continue to become more sophisticated. Subscribe to Alert Logic’s Weekly Threat Report to keep current on the latest cyber threats that can impact your organization.
8) Understand your CSP’s cloud security model
People, processes and technology are essential here. Ask whether your CSP has a dedicated team of certified information security experts that are fluent in your organization’s specific security and compliance needs. Learn their processes for monitoring, identifying and remediating threats. Finally, review their security toolkit to ensure their technologies are robust and up-to-date.
9) Understand the meaning behind shared security responsibility
CSPs have different service level agreements (SLAs) that pertain to their security processes and how much responsibility they take for securing your assets. Make sure you understand the roles and responsibilities of both parties.
10) Know your adversaries
Cyber criminals are well-organized, well-educated and well-funded. And they are increasingly becoming more specialized. Know which groups are targeting your data and applications. Some groups are focused on hacking healthcare organizations; others target financial services organizations, and some are generalists.
View our on-demand webinar for more cloud security insights from HOSTING and Alert Logic. And download the Alert Logic 2015 Cloud Security Report.