Cloud data breaches are up nearly 45% year over year and are becoming more sophisticated. Unfortunately, IT is struggling to keep up because each cloud has its own nuances. We have reached an inflection point where business as usual – throwing people and money at the problem – is not sufficient. Hybrid cloud implementations require IT to understand the operational differences between cloud providers on top of their own enterprise operations. There is a growing skills gap, and CFOs are pushing back on continued budget increases. Organizations must change their approach to match the security needs of our highly distributed, always-on digital society.
Keysight recently published the Ixia 2018 Security Report, which highlights the biggest security findings and trends from the past year, as seen and analyzed by our Application and Threat Intelligence (ATI) Research Center.
The report revealed five trends that enterprises must address if cybersecurity is going to keep pace with new threats in the cloud.
How the Cloud Shifts Cybercrime
While 2017 was the year of ransomware, 2018 is the year of cryptojacking: hijacking user devices to mine cryptocurrencies without the owner’s consent. The targets can be anything from consumer devices, like phones and laptops, to enterprise-grade cloud servers.
Cryptojacking offers cybercriminals a high-profit return that is far stealthier than a ransom attack. Researchers have even found code on compromised websites that can secretly be transferred to a user’s device, acting as a source of further attacks.
The report indicates that half a billion people have unwittingly let their devices mine cryptocurrency for others. Critical infrastructures are also a prime target for cryptojacking. Visibility, security, and monitoring strategies need to extend beyond the enterprise or single-cloud monitoring to include hybrid deployments. Without a comprehensive approach across multiple cloud providers, applications and computers are vulnerable to being assimilated into the ‘cryptojacking collective’ – unwittingly becoming part of an attack army.
The Downside of Encryption
The Internet passed a significant milestone in 2017, when approximately half of all web traffic was encrypted using HTTPS. The hidden tunnels used for HTTPS and other encrypted services protect users, but they have also become a conduit for hackers to hide malicious traffic inside legitimate-looking encrypted streams. This makes detection of malware or abnormal traffic by traditional means much more complex. To combat this, network architects are looking at methods to combine continuous inspection with multi-layered security tailored to the application environment.
The Growing Gap Between Cloud and Security
On average, there were over 4.3 new data breaches every day in 2017, up nearly 45% from the previous year. Many of those attacks had common root causes, including unpatched vulnerabilities, overly permissive security policies, and misconfigurations within cloud accounts or across the organization’s supply chain, allowing access to sensitive data. The biggest issue in the cloud, however, is matching configuration security settings.
In fact, nearly 73% of public cloud instances had one or more serious security misconfigurations. The combination of cloud growth and the high number of security misconfigurations suggests we will see more cloud breaches in 2018. The shift to hybrid cloud requires a parallel shift to multi-layer security approaches to combat the challenges of the ever-expanding attack surface.
Cloud Priorities are Security and Compliance
We love our clouds. They save us a lot in terms of operations cost and maintenance. The cloud is central to today’s IT security landscape. As we would expect, spending on cloud computing is growing, with almost all enterprises now running workloads in one or more clouds. Yet 38% of organizations have cloud users whose accounts have been compromised. It is no surprise that 93% of cloud IT managers are concerned about security.
We see the struggles IT teams face to deliver effective security in a hybrid, dynamically changing, on-demand environment. The Ixia 2018 Security Report revealed that “securing data and applications” and “satisfying compliance requirements” overtook “deploying and migrating applications” as the top public cloud priorities in 2018. Respondents admit that a visibility gap introduced by deployments in public cloud environments is also a key concern, with 88% experiencing issues related to a lack of visibility into public cloud data traffic.
Visibility and Detection an Increased Focus
Cyberattacks can impact revenue as well as reputation. And yet, in the current cyber threat landscape, it is less a case of ‘if’ an organization will be targeted than ‘when’. Gone are the days of viewing network security as purely an on-premises challenge. The public cloud is forcing a wholesale shift in security architectures to one that must encompass both public and private clouds concurrently, providing a single, correlated view into the hybrid infrastructure.
Traditional perimeter security, including firewalls and intrusion protection, is necessary but not sufficient to protect an organization from advanced attacks designed to sidestep such systems. This drives IT teams to implement zero-trust and least-privilege models where the assumption is that the intruders are already within the network. That requires network visibility within, as well as in and out of, the network.
Threat detection and analytics are only as effective as the granularity the network infrastructure provides for packet access. The best security architectures offer continuous visibility and layered security that span on-premises environments and multiple public cloud providers, and that offer the automation and insight to address both the skills gap and the budgetary limitations. Only then will IT have a chance of keeping pace with the changing dynamics of hybrid infrastructure.
About the author: Marie Hattar is chief marketing officer (CMO) at Keysight Technologies. She has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets.
Source: infosec island