by Bharat Mistry
For the past 12 years, Verizon has been publishing its Data Breach Investigations Report (DBIR). Whilst not the final word on the threat landscape, it always offers some interesting insight into current trends — this year distilled from over 32,000 analysed “incidents” and nearly 4,000 breaches worldwide. That’s why it was interesting to note the uptick in cloud-based threats stemming from external malice and insider error revealed in this year’s report.
The good news is that Trend Micro helps global organisations mitigate both types of cyber-risk, providing peace of mind to support employee productivity in the current climate of mass remote working.
What’s happening in the cloud?
Two key themes jumped out at us from DBIR 2020.
The first is the increasing volume of cloud assets involved in breaches: around a quarter (24%) of such events now feature some element of cloud systems or services. In most of these cases (73%), it’s an email or web application server that’s targeted, and 77% of the time attackers use previously breached credentials. This chimes with what Trend Micro is seeing. Our Cloud App Security Report 2019 revealed a 35% year-on-year increase in credential phishing attempts from 2018.
As Verizon argues, this is a reflection of the fact that cyber-criminals will always choose the quickest and easiest route to compromise. As more business processes and data are migrated to cloud systems, the corporate attack surface will continue to expand. This in turn makes it increasingly important for organisations to find trusted security partners to help improve the native protection offered by cloud service providers.
The second major trend we observed in the DBIR is the increasing prevalence of misconfiguration in cloud-based data breaches. Overall, the report claimed that human error accounted for 22% of breaches, a large number of which were down to configuration issues. Typically, cloud databases or file storage systems are exposed to the public-facing internet due to a mistake by a contractor or in-house IT admin.
Tooling up for success
The long-term trend is for more migration to the cloud, more reliance on web applications for remote working, and more complexity as organisations invest in hybrid systems from multiple providers. That means potentially more cyber risk for UK CISOs to manage.
So how can security leaders get to grips with these challenges? Fortunately, there are tools that can help.
Our Cloud App Security offering enhances built-in protection in Office 365, G Suite and cloud file sharing services to block malware and credential phishing attempts. For one customer with 10,000 Office 365 users, Cloud App Security managed to detect and block over 410,000 phishing attempts targeting the company, the vast majority of which (300,000+) were credential-phishing emails.
On the other front, Trend Micro Cloud One – Conformity provides automated security and compliance checks to minimise configuration errors and offer best practice cloud security posture management.
Of course, these two alone won’t automatically solve all of your cloud security challenges. They must be combined with best practices such as end-user training and awareness programmes, multi-factor authentication on employee accounts, least privilege access policies and more. But they’re a great place to start.