Since the beginning of the global COVID-19 pandemic, the FBI has seen a dramatic increase of approximately 300% in cybersecurity complaints. Globally, losses due to cybercrime have exceeded $1 trillion, and to exacerbate an already dangerous landscape, the World Economic Forum stated in their 2020 Global Risks Report that only .05% of cybercriminals are caught and prosecuted. Business awareness and resilience are critical to maintaining continuity of operations, securing sensitive data, and preventing cyber breaches.
With Covid demanding an increase in levels of remote work and increasing dependence on digital devices, cyber threats have continued to become more sophisticated and frequent. People were suddenly and unexpectedly thrust into a remote working environment and many remote networking capabilities were not as shielded as on-premise IT infrastructure. This rapid shift exposed many security gaps that were vulnerable to exploitation. The technological changes that shaped the workplace in 2020 are highly likely here to stay, which mutates and increases the cyber threats that organizations face. New threats coupled with accelerated ad-hoc cloud adoption solutions for remote worker enablement have resulted in a major uptick in misconfigured and exposed cloud computing environments.
Cloud Computing Attacks
Globally, the cloud computing market is expected to grow to approximately $266 billion in 2020. During the pandemic, the economy witnessed a 50% increase in cloud use in almost every industry.
The growth in the Public Cloud market is an attractive target for cybercriminals, who attributed to 7.5 million external attacks on cloud accounts in just the second quarter of 2020 alone.
Furthermore, since the beginning of 2021, the number of the attempted breaches increased by 250%. Malicious actors can easily scan for exposed servers configured with default credentials, exploit unpatched systems and perform brute-force attacks, while others will deploy ransomware or steal sensitive data. Blackbaud, a notable cloud service provider, was the victim of a massive ransomware attack that resulted in the theft of sensitive information from millions of users globally. Blackbaud paid the ransom and was subject to many lawsuits.
The conundrum that most organizations have found themselves in is accelerated digital transformation initiatives due to the pandemic, a lack of skilled cloud computing resources, and the need for cybersecurity practices to leap from an afterthought to the forefront of IT projects. This heavy-lift is demanded due to the projected increase and expectations of quality remote workers and the modernization of application and infrastructure delivery. This paradox is particularly true in organizations targeting multi-cloud hybrid environments with modern cloud delivery pipelines.
How can Rapid Strategy Help?
While the threats and constant breach media are certainly intimidating, the good news is that a lot of these risks can be minimized and potentially mitigated by having a few fundamental and hygienic security controls and procedures in place.
When dealing with securing cloud infrastructures and modernizing cloud operations, the primary objective should be to understand concepts of cloud computing, the various platforms, and how those platforms are leveraged in modern environments. You will not be able to effectively build modern solutions with a legacy toolkit. To get started, here is a burndown list of items to focus on in prioritized order.
Understand your adopted service models (SaaS, PaaS, IaaS, Serverless)
Prioritize initial efforts on Identity & Access Management
Protect data from the bottom up and BYOK if possible
Adopt your platform’s best practices for credential management
Focus on scalable visibility by leveraging native tools provided by the CSP
Deploy a shift-left approach to security
Rapid Strategy aims to partner with you on your journey to provide fast and effective risk reduction strategies and controls to your cloud environment. We can quickly assess the state of your current cloud solutions and provide you with strategic and targeted risk-based controls. Contact us to accelerate your cybersecurity!