Tackling Rising Threats in Cloud Security

As cloud account vulnerabilities rise, experts stress the importance of a Shared Responsibility Model to bolster security. Cyber Magazine investigates.

A new report has found that attackers are increasingly targeting weaknesses in cloud accounts to break into systems so that they can then access sensitive data or cause other problems.

Cybersecurity firm Red Canary found in its sixth annual Threat Detection Report that cybersecurity threats are rapidly changing, posing big challenges for organisations in keeping their systems safe. 

The report looks at data from nearly 60,000 threats detected in 2023, collected from various sources like endpoints, networks and cloud infrastructure. Unlike other yearly reports, Red Canary’s report stands out because it combines broad detection coverage with analysis to give a deeper understanding of the threats.

Vulnerabilities in cloud systems 

One big takeaway from the report was the rise of two new tactics in the top 10 most used techniques by cyber attackers: Email Forwarding Rule and Cloud Accounts. This shows a shift in focus towards targeting vulnerabilities in cloud systems.

Cloud Accounts jumped up to fourth place in 2023 from being much lower the year before. This means attackers are increasingly targeting weaknesses in cloud accounts to break into systems. They can then access sensitive data or cause other problems.

Another concerning finding was the increase in malicious email forwarding rules. Attackers are becoming increasingly cunning, discreetly rerouting crucial emails to less conspicuous locations, like archive folders. This tactic carries significant ramifications, including the potential for redirecting payroll funds to unintended recipients.

Keith McCammon, Red Canary’s Chief Security Officer, stresses the importance of protecting corporate identities. He says that the rise in attacks on cloud accounts shows just how “crucial it is to manage who has access to what”.

“The golden thread connecting these modes of attack is identity. To access cloud accounts and SaaS applications, adversaries must compromise some form of identity or credential, and one that is highly privileged can grant an adversary untold access to valuable accounts, underscoring the critical importance of securing corporate identities and identity providers,” he says.

Cloud security: why we need shared responsibility 

Martin Walsham, director of AMR CyberSecurity, believes a shared responsibility model is needed for effective cloud security management and to tackle some of the vulnerabilities, echoing McCammon’s comments on managing who has access to what.

Walsham explains that the Shared Responsibility Model (SRM) is a cloud security strategy under which cloud providers are responsible for safeguarding their security infrastructure, while customers are responsible for securing their applications and data within the bounds of their cloud environment.

“SRM provides a well-defined way to establish the security and compliance roles of cloud service providers and their customers. It is essential for effective cloud security management, providing clarity, accountability, risk management capabilities, compliance assurance and flexibility to organisations operating in cloud environments,” he says.

“It also allows organisations to adapt security strategies and controls to meet changing business needs and technological advancements. As organisations scale cloud deployments or adopt new cloud services, SRM provides the flexibility to adjust security measures accordingly, ensuring ongoing protection of assets,” he adds.

Advantages of cloud-hosted IT systems 

Cloud-hosted IT systems provide numerous advantages, enabling organisations to scale quickly, without the upfront costs of data centres and hardware infrastructure. They also deliver access to a wide variety of turnkey services and applications.  

Historically, an organisation was responsible for all of its data centre security - including the physical security of the data centre and the room, management and security of physical servers and networking devices, along with the operating systems and applications that reside on them and user administration.  

In a cloud environment, a shared responsibility model is developed so the cloud provider is responsible for some things, the customer is responsible for others and they share responsibility for other aspects.  

Walsham says: “SRM is fast becoming a foundational concept in cloud security management practices, growing in importance as organisations increasingly migrate their workloads, data and applications to the cloud. It is a recognition of the need for a clearer understanding of who is responsible for securing the various components of a cloud environment. This understanding is crucial for an organisation’s effective risk management, compliance with regulatory requirements and trust in cloud services.”

Where does responsibility sit? 

The general principle is that the customer should delegate as much security responsibility as possible to the trusted cloud provider, who has the expertise and resources to effectively manage security. However, an organisation should always retain some responsibility for its data, endpoints, accounts, and access management, Walsham says.

“When buying in any service, it is important to conduct a risk assessment to understand the impact of any compromise of confidentiality, integrity and availability of their data, and identify appropriate controls to mitigate those risks. They must also be clear on what risks they are willing to tolerate or transfer,” he adds.

An SRM also enables an organisation to focus resources and efforts on securing its data and applications within the cloud environment, rather than on managing the underlying infrastructure.

Walsham believes that, with this shift in focus, it is possible to take a more proactive approach to security, implementing robust security controls, encryption mechanisms, access management policies and monitoring tools to protect assets effectively.

“There are security benefits to hosting IT systems within the cloud versus managing the system internally, as the cloud provider may have better scale, access to better security resources, tried and tested templates and automation. But be mindful that cloud service providers do not have a magic wand. Cloud services are still subject to the same security vulnerabilities as any other IT systems. Organisations must understand and effectively implement the security controls they are responsible for under the SRM for the end-to-end service to be secure,” Walsham concludes. 




Cyber Magazine is a BizClik brand

