In its latest annual security report, Check Point Software reflects on what has been a volatile twelve months in the cybersecurity sector. The threat landscape is more complex than ever before, and risks remain at an all-time high.
In this article, Eli Smadja, security research group manager at Check Point, discusses the need for a new approach to cloud security in 2023 and why simply offering training courses is not enough.
There is a constant need for vigilance when it comes to cybersecurity within the cloud environment and, while the shift to hybrid working was an unavoidable pivot after the pandemic, it also made it easier for cybercriminals to exploit businesses through their supply chain network. When comparing the past two years, we have seen a significant increase in the number of attacks per organization on cloud-based networks, which went up by 48% in 2022 compared with 2021.
In addition to vulnerability exploitation attempts, cloud environments have become both the source and target of security incidents and breaches that involve improper access management, sometimes combined with the use of compromised credentials.
In March 2022, the ransomware gang Lapsus$ announced in a statement on its Telegram group that it had gained access to Okta, an identity management platform. Lapsus$ has a history of publishing sensitive information, often source code, stolen from high-profile tech companies such as Microsoft, NVIDIA, and Samsung. However, this time, the actors claimed their target was not Okta itself, but rather its customers.
Following the breach, Okta released an official statement revealing that approximately 2.5% of its customers were affected by the Lapsus$ breach – around 375 companies, according to independent estimates. Okta's cloud-based software is used by thousands of companies to manage and secure user authentication processes, as well as by developers to build identity controls.
This effectively means that hundreds of thousands of users worldwide could potentially be compromised by the company responsible for their security.
What’s the reason for the increase in supply chain attacks?
An agile, limitless storage space, the cloud allows users to store sensitive data and undertake complex tasks that cannot be done on traditional servers, which makes it an attractive proposition for cybercriminals.
According to Gartner, 60% of organisations now work with over 1,000 third-party suppliers, all of which are critical to their success but will leave users vulnerable to an unprecedented level of risk. Gartner also predicts that by 2025, 45% of organisations worldwide will have experienced cyberattacks on their software supply chains, three times as many as in 2021.
Organisations are also still struggling to sufficiently secure new cloud environments implemented during the pandemic while simultaneously securing legacy assets which were added during the lockdowns, with no real means to ensure that all of them are secured.
Added to that complexity, this accelerated cloud adoption has exponentially increased the use of third-party applications and the connections between systems and services, unleashing an entirely new cybersecurity challenge.
Cloud security is complicated further by many enterprises using multiple cloud-based solutions, each with specific security settings. With multiple platforms and multiple users, there’s only one outcome – chaos. It is difficult to have visibility into all the integrations between an organisation’s cloud applications, as the average enterprise uses 1,400 cloud services.
Why cloud security should be a priority in 2023
Cloud platforms represent a goldmine for malicious actors, especially when you consider the size of many organisations’ cloud supply chain networks. Once a hacker has gained entry, they have carte blanche to act however they choose. This could be anything from injecting malicious content to infect users to wiping all data stored within a particular platform.
Ensuring the security protocols of cloud platforms are set up correctly should be a priority for organisations and their supply chain networks; otherwise, their data and their clients’ data are at significant risk.
The misconfiguration of cloud platforms isn’t a new issue. It currently affects millions of users and is often the result of a lack of awareness, proper policies, and security training. But how can organizations address the issue? Simply increasing employee awareness and training isn’t enough.
Conducting meaningful testing alongside robust security measures is the only way to better protect organizations from the threat of cloud supply chain attacks. We practice fire drills, so why not cyberattacks?
Here are simple tips to ensure your cloud services are secure and your supply chain is protected:
* Amazon Web Services (AWS) – AWS CloudGuard S3 Bucket Security. Specific rule: Ensure S3 buckets are not publicly accessible. Rule ID: D9.AWS.NET.06
* Google Cloud Platform – Ensure that Cloud Storage DB is not anonymously or publicly accessible. Rule ID: D9.GCP.IAM.09
* Microsoft Azure – Ensure the default network access rule for Storage Accounts is set to deny. Rule ID: D9.AZU.NET.24
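As an added illustration (not Check Point's code and not how CloudGuard evaluates these rules), the three checks above can be approximated offline over exported configuration. The snapshot layout, resource names and function names are assumptions of this example; the field names follow each provider's own API output, and the rule IDs are the ones listed above.

```python
ACS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {ACS + "AllUsers", ACS + "AuthenticatedUsers"}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def s3_is_public(bucket):
    # Conservative: only a fully enabled Block Public Access counts as safe.
    pab = bucket.get("PublicAccessBlockConfiguration", {})
    if all(pab.get(k) is True for k in PAB_KEYS):
        return False
    acl_open = any(g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS
                   for g in bucket.get("Grants", []))
    policy_open = any(s.get("Effect") == "Allow" and "Condition" not in s
                      and s.get("Principal") in ("*", {"AWS": "*"})
                      for s in bucket.get("Policy", {}).get("Statement", []))
    return acl_open or policy_open

def gcs_is_public(iam_policy):
    # allUsers = anonymous; allAuthenticatedUsers = any Google account.
    return any({"allUsers", "allAuthenticatedUsers"} & set(b.get("members", []))
               for b in iam_policy.get("bindings", []))

def azure_default_allows(account):
    # A missing defaultAction is treated as Allow so the gap is reported.
    acls = account.get("properties", {}).get("networkAcls") or {}
    return acls.get("defaultAction", "Allow") != "Deny"

def audit(snap):
    # Rule IDs are the ones listed in the article; the logic is this example's.
    out = [("D9.AWS.NET.06", b["Name"]) for b in snap["s3"] if s3_is_public(b)]
    out += [("D9.GCP.IAM.09", b["name"]) for b in snap["gcs"] if gcs_is_public(b["iam"])]
    out += [("D9.AZU.NET.24", a["name"]) for a in snap["azure"] if azure_default_allows(a)]
    return out

SAMPLE = {  # constructed resources, not real ones
    "s3": [
        {"Name": "public-assets-example",
         "Grants": [{"Grantee": {"URI": ACS + "AllUsers"}, "Permission": "READ"}]},
        {"Name": "locked-example",
         "PublicAccessBlockConfiguration": dict.fromkeys(PAB_KEYS, True),
         "Policy": {"Statement": [{"Effect": "Allow", "Principal": "*"}]}}],
    "gcs": [
        {"name": "reports-example", "iam": {"bindings": [
            {"role": "roles/storage.objectViewer", "members": ["allUsers"]}]}}],
    "azure": [
        {"name": "stopenexample", "properties": {"networkAcls": {"defaultAction": "Allow"}}},
        {"name": "stdenyexample", "properties": {"networkAcls": {"defaultAction": "Deny"}}}],
}

print(audit(SAMPLE))
```

The second S3 bucket carries a wildcard policy but is not flagged, because a fully enabled Block Public Access setting overrides it.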
Furthermore, adopting a third-party security solution that prevents attacks on web applications via fully automated services will strengthen not only your security posture but also that of your supply chain network. Using a service such as this eliminates the need to manually edit rules and write exceptions every time a software update is required. It also scans infrastructure-as-code and source code to stop threats before they become major incidents.
Cloud supply chain attacks will continue to be a feature of the cybersecurity landscape in 2023, so ensuring your organization has a robust approach to cloud security is a priority. It is important that you recognize not only the technological needs of your operations but also continue to educate your employees about the potential impact errors can have on the wider organization.