The shift to remote work in 2020 caused many changes to the cybersecurity landscape, not the least of which was the astronomical increase in cloud platform usage. By April, companies’ use of cloud services rose by 50%, and Microsoft reported a 775% increase across its cloud platforms. Unfortunately, alongside this meteoric rise comes an equally significant concern for cloud security; as companies shift operations to the cloud, hackers are following suit.
Cloud security vulnerability in 2020
According to McAfee’s Cloud Adoption and Risk Report, cloud attacks increased by 630% between January and April of 2020, highlighting just how quickly bad actors began taking advantage of increased usage. The vast majority of attacks occurred on “collaboration” platforms like Microsoft 365 and Zoom, targeting the fastest-growing and most popular apps. Many of these attacks focused on credential theft and a hacking method called “spraying,” a tactic that tests common passwords against known usernames, looking for random hits.
Why are cloud platforms such easy targets? For one thing, the sheer number of additional companies and users utilizing those platforms last year created a much larger target than ever before. When you consider attack methods like spraying, the more people that use a particular platform or application, the more potential victims there are. With a 600% increase in use, an increased success rate in attacks on those users was inevitable. For another thing, the very nature of cloud computing can make cloud services more vulnerable to attack. Though the cloud is physically more secure than many networks, the large number of applications and databases and increasingly complex configurations are difficult to manage and monitor, and can expose vulnerabilities that hackers can exploit.
Cloud platforms and remote workplaces
But the biggest culprit behind the ease of these attacks may just be closer to home; in the quick shift to remote work, how many companies really took the time to ensure cloud security? Among a thousand other tasks, most security teams likely didn’t or couldn’t prioritize configuring adequate security restrictions, not to mention instructing end users in how to securely manage their profiles.
More than likely, these threats are not going to abate anytime soon. As remote work continues, so will the use of and shift to cloud services. And as long as those cloud platforms are a worthwhile target, they will continue to get hacked. If our hope is to avoid more of the same in 2021, the solution is fairly simple: We need to prioritize cloud security. But with so many attacks in our wake, where do we start?
Cloud security best practices
Unsurprisingly, applying basic cybersecurity best practices is a great first step. If you’re an end user, make sure passwords are strong and that you’re not reusing them across different accounts.
If you’re a security admin, your job may be a bit more complicated. As The Washington Post notes, most cloud security breaches occur because the cloud system is misconfigured. What proper configuration actually looks like may vary, but it is crucial that admins and developers restrict access to data, change default settings that may leave the system “open,” and enforce the principle of least privileged access, in which admins and users only have access to system features they actually need to do their job.
Finally – and this applies to everyone – education has never been more important. If 2020’s security faux-pas taught us anything, it’s that security awareness is one of the first things to go when life gets hectic. Unfortunately, as 2020 also amply demonstrated, hackers will take advantage of every oversight.
Thankfully, the solution is simple. Taking the first step of recognizing that cloud security is important and that cloud threats are real will go a long way. So will educating yourself and your employees. As cloud usage increases and the threat landscape changes, it’s important to stay up-to-date on current threats and the actions we can take to avoid them.
If you’re responsible for choosing or administering security training for your organization, prioritize cloud security. In 2021 and beyond, recognizing what cloud security looks like and how you can participate will continue to be a crucial task.