With Privilege Comes Responsibility: The Increasing Dangers of Attacks on Cloud Services and Networks
By: Reece Loftus
Originally published on Cloud Computing
As the potential risks associated with cloud computing and connectivity and “all things as a service” expand, CISOs are starting to recognize the risks associated with overprivileged IT administrators and power users. Privilege misuse continues to grow, unabated, and today is one of the most common insider threat vectors.
In the most highly regulated industries, including financial services, healthcare, retail, and others, compliance and audits associated with compliance are driving increased interest in, along with licensing of more intelligent and automated approaches designed to reduce not only human effort but human errors.
As Privileged Access Management (PAM) requirements expand with threats, constant changes, and regulations, IT teams are opting for advanced solutions which are easier for them to deploy and for end-users to use.
With the rise of cloud services, including AWS, Microsoft Azure, and many Software as a Service (SaaS) applications, Privileged Access Management (PAM) is also changing. Enterprise deployments once centered around Active Directory are merging with machine and service identities.
“Like any multi-cloud management capability, cloud PAM must support cloud-native application program interfaces (APIs), DevOps, container and serverless computing models, on top of the traditional servers in today’s changing environments,” said Orhan Yildirim, CTO of Ironsphere. “We must operate at web-scale today and put more agile solutions in place, which are far more powerful and affordable.”
Most cybersecurity incidents now involve cloud infrastructure, according to the latest Verizon Data Breach Investigations Report (DBIR).
Based on more than 79,000 cybersecurity incidents and over 5,200 breaches, 2020’s report analyzed around 4,000 breaches, while 2019’s report included 2,000.
A whopping 73 percent of cybersecurity incidents analyzed by the DBIR team involved external cloud assets, with the rest involving on-premises IT assets.
Last year, cloud assets were only involved in 27 percent of breaches.
“The increased share of cloud incidents is obvious when you look at the continued move to the cloud, especially with the surge of remote workers who had to rely on the cloud and Internet to access enterprise systems,” Yildirim said.
According to Verizon, for cloud incidents, the most common factors were stolen credentials, misconfigurations, and phishing.
Overall, credentials were involved in 61 percent of breaches.
“The COVID-19 pandemic accelerated the move to zero-trust platforms,” Yildirim said, “as nearly the entire global workforce was forced to work from home, outside the local network perimeter, obliging organizations to secure end-users who are working remotely, as well as fix anomalies.”
Solid zero-trust platforms are key, Yildirim explained. “It is important to integrate security functions into every digital system touch-point so that users have no choice but to offer more protection.”
A zero-trust approach to security reflects four principles:
-No user should be trusted by default, as they could be compromised
-VPN and firewalls guard only the perimeter
-Identity and device authentication should take place throughout the network, rather than just work on the perimeter
-Micro-segmentation really helps minimize damage from hackers by creating interior walls and locks
“Simply put, cybersecurity software and systems need to constantly keep pace with changes on the corporate IT front,” Yildirim said. “For large companies, there is no option except to use automated PAM, which is increasingly interconnected and can support multiple business applications.”
The benefits of moving more and more to the cloud are now proven. What do IT teams need to know when contracting with cloud service providers and the communications service providers delivering access and transmission services?
While we all instantly understand the motivation for cyber criminals to steal data from financial services companies, retailers, and other transaction-related businesses, it’s less obvious why healthcare is one of the top targeted industries when it comes to security breaches.
When the Covid-19 pandemic began, organizations across all industries were forced to go digital, which unfortunately led to a boom-time for potential cybercriminals. Reports of cybercrime shot up by almost 70 percent in the US compared to 2019, as the lockdown created an ideal environment for cybercriminals, with phishing and ransomware remaining the most common approach, accounting for 33 percent of cyberattacks.