According to a survey by information systems and communications security Thales and Ponemon Institute, more than half of all respondents said their organization transfers sensitive or confidential data to the cloud. Despite the transfer of sensitive information, 35 percent of respondents said their use of the cloud actually decreased their security posture. More than 60 percent felt the cloud provider held the primary responsibility for protecting their data, yet more than half admitted they have no idea what their cloud provider does to protect the data.
As more consumers and companies fully adopt the cloud, security threats will become more sophisticated and pervasive. We’ve moved beyond the most destructive threat being credit card hacks and data breaches. Today our cloud-based storage can be ransomed by an anonymous hacker.
Here are some of the three biggest cloud storage security threats and how to combat them:
Ransomware :
Ransomware restricts access to infected computers and devices by encrypting your data so you can’t access it. The individuals behind the attack then demand a sum of money paid before they will release it. This can be disastrous for large cloud storage companies and businesses alike that house financial information and sensitive personal data. A report by McAfee shows a 165 percent increase of ransomware surges in Q1 2015 with targets toward services like Dropbox and Google Drive.
Take preventive action by backing-up your cloud data. Ransomware predators rely on the probability that you’ll have no choice but to pay the ransom, or forced into the laborious and futile task of restoring the data from hard copies, devices and drives. Using a cloud-to-cloud backup solution largely turns ransomware into a nuisance instead of a financial threat. Once your data has been hacked, restore your un-encryped information from your cloud-to-cloud backup and regain control.
DDoS attacks :
According to the Akamai State of the Internet security report, there was a 57 percent increase in distributed denial of service (DDoS) from the year prior. DDoS uses multiple compromised systems to target a single system and cause a denial of service. In other words, the site receives so much traffic it becomes unavailable. Akamai reports that DDos attackers can send 300 gigabits per second of malicious traffic to shut down a site.
Protect yourself by using a cloud-based DDoS protection service like Arbor Cloud or Akamai. Attacks are prevented from bypassing firewalls and intrusion prevention systems and brings your services and applications back to your control. Ask if attacks are monitored and dealt with in real time by on-call engineers. Attackers can change strategies on the fly and circumvent security efforts without active prevention.
Internet of Things :
Companies that spend millions on security are still at risk for backdoor attacks through the Internet of Things (IoT). The idea is that devices from dishwashers to household lighting are increasingly becoming connected to the Internet. The Federal Trade Commission raised the concern that small IoT devices may not have robust encryption and sufficient security measures.
But what does it matter if our smart TVs are tracking what we’re watching? IoT threats go bigger than that. Consider that Salesforce.com and Phillips announced a bold plan to build an open cloud-based healthcare platform. The plan details how patient sensing devices will send information back to the cloud so healthcare providers can analyze and prioritize care. This could lead to an ongoing threat of attacks for sensitive patient information and malicious tampering. IoT security is still in its infancy and leaves many businesses vulnerable.
The best way to combat IoT threats is to prevent them altogether. Study up on what kind of data and information your IoT device is collecting before purchasing. If your device is connected to your network, configure and activate a firewall on your device to help prevent an attack. Keep current on software updates on your devices to install any new security patches or read up on recent data breaches or issues.[su_box title=”About Susan Finch” style=”noise” box_color=”#336588″]
Susan Finch specialize in developing content marketing pieces, web copy and original editorial. She’ve worked on projects for Keybrand Entertainment, The Discovery Channel, The Food Network, NBC, Pokemon.com, Twix, Marriott, Sprint, Target, Maybelline, AT&T, Kayak.com, the NY Tourism Board, Lowe Lintas, Ogilvy & Mather, Grey Advertising, BBDO, Focus Features, Dreamworks Theatricals, and start-ups.
She also write travel guidebooks, magazine and newspaper features, and web copy. Her work has appeared in seven travel guidebooks, KNOW Atlanta, The Sydney Herald, Global Traveler Magazine, chamber of commerce publications, The LA Times, The Boston Globe, Kayak.com, content marketing channels and the iPhone app NYC Nature & Outdoors among numerous other outlets.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.