Protecting sensitive data in the cloud
By Steve Manley, Regional Vice President ANZ at Palo Alto Networks
Thursday, 15 June, 2023
Personal information is valuable, and not just for those to whom it belongs. It can be a veritable goldmine for cybercriminals. Not only can such information be sold to other criminals, it can be used for targeted attacks, identity fraud and extortion, among other purposes.
This is a big business. In the 12 months to the end of June 2022, for example, ransomware groups stole and released the personal information of hundreds of thousands of Australians as part of their extortion tactics.
This is according to the Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report for the 2021–22 financial year, which also noted that ransomware groups have further evolved their business model, seeking to maximise their impact by targeting the reputation of Australian organisations.
In some cases, the report suggested, a victim will be impacted for the rest of his or her life after the illegal exposure of personal information. Once leaked or sold, the public exposure of such information cannot always be remediated.
And that covers just one sub-group of the cybercrime fraternity.
There are several ways cyber crooks get their hands on individuals’ personal information in their pursuit of ill-gotten financial gain. Ransomware is a particularly popular technique, given its ease of delivery, often accomplished with a simple email to an unsuspecting victim.
Leveraging known vulnerabilities
However, there are plenty of other vectors via which cybercriminals can access and steal others’ personal or sensitive information. Some leverage known vulnerabilities in an organisation’s business software solutions to gain unauthorised access to systems.
Others make use of such vulnerabilities in third-party platforms to gain access to IT systems, as was the case in April 2023, when the Tasmanian Government said it was investigating the theft of data from a third-party file transfer service used by the Tasmanian Department for Education, Children and Young People.
In that incident, the hackers released at least 16,000 stolen documents, directly affecting some 150,000 individuals, according to the state government, which identified at least 14,000 additional individuals whose data may also have been compromised.
Other techniques cybercriminals employ to get hold of personal information include social engineering, data scraping, skimming, phishing, smishing, vishing, wireless hacking, fake websites and many more.
Sometimes, however, individuals’ sensitive or personal data might simply be left sitting on an unsecured public-facing data repository. This often occurs as a result of misconfigured cloud infrastructure.
The dynamic cloud attack surface
It is only to be expected that the attack surface of cloud-native applications will grow as threat actors find increasingly creative ways to target the misconfiguration of cloud infrastructure, APIs, networks, systems and solutions.
The cloud attack surface sometimes seems as dynamic as the cloud infrastructure, with new potential entry points popping up every time a new workload is deployed. In such an environment, mistakes can be made and potential vulnerabilities missed.
The risks are only increasing as hybrid work takes hold in the wake of the pandemic.
According to data from Palo Alto Networks’ 2023 State of Cloud-Native Security Report, the expansion of hybrid work during the pandemic drove organisations to expand their use of clouds by more than 25% globally. In Australia, 89% of businesses expanded their use of cloud by more than 30% in a 12-month period.
Given cloud breaches frequently stem from misconfigured storage services or exposed credentials, there is a growing trend for cyber attacks to specifically target cloud compute services to steal associated credentials and illicitly gain access to cloud infrastructure.
Against this backdrop, gaining full control and visibility of cloud infrastructure is an increasingly critical element of an organisation’s safe and secure operation. Such capability is no longer a cybersecurity matter; it is a whole-of-business consideration.
However, most respondents in the report indicated that their organisation has a weak security posture and believe they need to improve their underlying activities — from gaining visibility into multiple clouds, to applying more consistent governance across accounts.
When keeping sensitive data safe in the cloud, a pivotal step is eliminating the blind spots. To do this, most organisations start by embarking on a process to discover all cloud assets, misconfigurations and known vulnerabilities.
A consolidated approach to cybersecurity is a good first step to ending blind spots and gaining the visibility needed to spot and fix potential weak links in a corporate network, including the misconfiguration of cloud infrastructure.
A platform approach
Simply unifying data and security controls into a platform approach can go a long way. Disparate tools may cover critical use cases but don’t provide a clear view of risk. By consolidating tools, security teams can automate correlation and tackle the most important security issues across the IT ecosystem.
Moreover, a cloud security solution must provide continuous and near real-time detection of misconfigurations, vulnerabilities and threats across the entire IT ecosystem, including cloud components. Only then will organisations be able to react quickly and effectively if an issue is identified.
Increased awareness will shape the future of cloud security and likely include the consolidation of security tools, investment in processes and personnel, adoption of security best practices and collaboration between organisations and cloud providers to improve security.
Yes, there are other practical steps that companies and their team members can take right now to help keep sensitive information safe, including being careful with the information posted on individuals’ social media accounts and keeping an eye out for dodgy-looking emails.
However, a company-wide consolidated approach to security is essential to keep data in the cloud safe from prying eyes. The good news is that most organisations are aware of this. More than 80% of respondents in the 2023 State of Cloud-Native Security Report said they would benefit from a centralised security solution that sits across all of their cloud accounts and services.
Properly protecting cloud workloads and the sensitive personal data they often hold requires a comprehensive and proactive approach that includes investment in technology appropriate for where a business is in its cloud journey. A significant investment in people, processes and the ability to break down silos between application and security teams is also essential.
Considering that not all organisations are at the same stage in their cloud adoption journey, an ideal solution should address immediate security requirements while enabling the business to expand for additional use cases as their cloud maturity increases.
Finally, while fixing misconfigurations and known vulnerabilities can reduce the risk of security incidents, it won’t always prevent an undetected breach. With this in mind, it’s also best to consider adopting threat prevention tactics that can actively block zero-day attacks and contain lateral movement in the event of a breach.