By Frank Crast, 12/21/2016


McAfee Labs recently published a report titled "2017 Threats Predictions" that includes a "big picture take" on some of the most difficult problems to solve in cyber security. The report also offers threat predictions for 2017, including 11 predictions related to cloud threats. Organizations should take these cyber threats into consideration when planning future deployments to the cloud or better securing current cloud configurations.


The report starts with six "hard-to-solve" cybersecurity challenges and then summarizes some of their cyber threat predictions for 2017 and beyond.

Some of the challenges include the need for threat defense effectiveness, to make attacks more expensive (or less profitable), to improve visibility, identify exploitation quickly and protect decentralized data. 

I chose to highlight one section of the report that is well worth reading and focuses on 11 Cloud Threat predictions as well as guidance for organizations. 
 

1) Trust in cloud to increase

As trust in moving applications and storing sensitive data in the cloud increases, cybercriminals will also take more interest in attacking cloud services and stealing your data. Companies have been moving their applications and services into the cloud at an accelerating pace over the last couple of years.

This trend will continue to increase, short of any major cloud service provider breaches. In some cases, companies have even become completely cloud dependent. Don't forget about data backups, business continuity plans and disaster recovery plans when moving to the cloud.
 

2) Businesses to hold "crown jewels" on-premise

Enterprises will continue to hold most of their most sensitive data and intellectual data (or "crown jewels") on premise and in their own data centers. When using private cloud, organizations will need to continue protecting all layers, including applications, OS, hardware and hypervisors. However, protecting all those layers and the crown jewels will be difficult given that the perimeter is less defined.

The growing use of cloud services will only compound the problem, but organizations need to better define policies and procedures to include what data needs to go where and what type of data protection is needed.
 

3) Conflicts of "speed, efficiency and cost" vs. security

One barrier to new organizations' adoption of the cloud is security. For existing cloud customers, however, security dropped behind financial oversight and operational consistency in terms of priority. The shift towards greater speed and efficiency will put pressure on security.

According to the report, organizations will of course need to strike a balance and work with Cloud Service Providers (CSPs) on different service level agreements based on risk profiles and cost. 
 

4) Antiquated authentication schemes

Passwords will continue to be the biggest weakness for organizations, both in and out of the cloud. Attackers constantly mine social media and search for stolen passwords and other personal data to steal credentials. Targeted phishing attacks will continue. Active Directory will have more of a limited impact by authentication systems used by CSPs.

Beware of your users' fondness for using the same or a similar password for each cloud service. Expect cyber criminals to target admin accounts, so pay close attention and monitor admin activity in the cloud.
 

5) "Attacks will come from all directions"

Traditional attack patterns are "north to south," where attackers move down the stack (such as starting with a web server) to increase privileges, exploit vulnerabilities and gain access to data/systems (such as customer databases).

With the cloud, attackers will move to more of an "east to west" model, such as from one virtual machine (VM) to another or from less sensitive VMs or containers to more sensitive ones. Or worse, jump from one organization to another. 

Cyber criminals will also use the scale of the cloud to gain a foothold for surveillance and data exfiltration, as well as to scan broadly for vulnerabilities and attack multiple organizations within the same CSP.
 

6) Inconsistent implementations of security controls

Multiple CSPs can lead to different security standards and security postures. Understand the potential for process failures. For example, the roles and responsibilities between CSP and customer are often not clearly understood.

Don't assume the CSP is taking care of your security controls, such as OS hardening, applying role-based access controls to privileged management, default accounts, password management, 2FA, etc. 
 

7) Visibility and control are key problem areas

Organizations don't always know where their data is. Are you keeping data within the country's borders needed to meet local regulatory requirements? 

Some safeguards to consider are preventing the most sensitive data from leaving the premises and limiting some processes from executing in some cloud environments. The report emphasizes that organizations will need to move to "context-based" behavioral analytics to help detect illegitimate use of legitimate credentials and applications. This problem will be a major challenge and not easy to solve.
 

8) Attackers will use cloud for "scale, speed and anonymity"

Attackers will continue to use cloud resources in attacking other organizations, including brute force attacks, denial of service attacks and agile attacks that involve the rotation of different sites and countries to evade detection.

Cloud data storage can help enable storage of stolen data that can also be mined for correlations used to identify future victims. Cyber crooks will constantly change accounts, IP addresses and service locations to help hide their identities. So don't expect a change in this area in the next two to four years.
 

9) "Denial of Service for ransom"

Denial of Service (DoS) for ransom will become a common attack against CSPs, which have many tenants and therefore provide a higher incentive for DoS attacks. As some organizations are completely dependent on the cloud, attackers will also have multiple ways of shutting down your business and "access to the cloud," such as disrupting internet connections, DNS services and other supporting infrastructure.
 

10) Growing impact of successful public cloud data breaches

With the exception of credential theft, CSPs will continue to have greater expertise in cloud security than their customers. So expect the number of successful cloud data breaches to be low. However, the overall impact and consequences of any CSP breach will grow larger as more customers move to the cloud.
 

11) Growth in IoT devices

The growth in the Internet of Things (IoT) will break some cloud security models. As more IoT devices come online, they will continue to communicate with each other at break-neck speed and trust. Given many reports that IoT standards and controls are severely lacking, the result can be vulnerabilities that can be exploited. CSPs will most likely struggle to adapt their current models to the growth of IoT.
 

Regulatory concerns and vendor responses

The McAfee report further provides related regulatory concerns and vendor responses that can help mitigate threats. 

Expect new customer data protection legislation that will inhibit new cloud adoption. Expect some jurisdictions to impose stricter operating requirements and audit/certifications of cloud services and their third parties, in an effort to protect customers from future potential CSP bankruptcies or malicious cloud services used to collect customer data.

Vendors will evolve and offer better security options to customers, including multi-factor authentication and biometrics, data loss prevention monitoring and policy orchestration that is "cloud aware," security automation for auditing, and cloud access security broker (CASB) solutions, to name a few.

Cloud security technical and assurance standards will continue to strengthen, including those offered by the Cloud Security Alliance (CSA), among others. The CSA has developed standards, guidelines, certifications, and best practices for the management of cloud services.

In conclusion, the cloud will continue to evolve and experience rapid growth. As such, cloud services will be increasingly valuable targets for attackers, which will inevitably lead to data breaches. Organizations will need to adapt rapidly by addressing gaps in their cloud-based controls and increasing visibility and security in the cloud.


 

Topic: Cloud Computing Security