Cyber Defense eMagazine September Edition for 2022 #CDM

More documents

Recommendations

Info

• Adoption of remote working culture Another major reason that emerged for surge in attacks on the cloud is rise in adoption of remote working. Very few organizations adopted this culture before the Covid-19 pandemic. However, the outbreak of the pandemic became the primary factor for a considerable rise in implementation of remote working or work from home culture in organizations across the world. According to the survey by Gartner, nearly 88% of the total organizations across the globe provided remote working option to cope up with the pandemic. Organization have found that there are many benefits such as lowered operating cost and improved productivity with remote working facility. CoSo Cloud survey highlighted that there was 77% increase in productivity of employees with remote working. The trend of remote working persisted post-pandemic. Nearly 16% of organization adopted fully-remote mode of operation, according to Owl Labs. Though this number is less, it will increase considerably in the coming years. The cloud is the most feasible option for ensuring the smooth operation in the remote working culture. This shows that the cloud adoption will increase as more and more organizations adopt fully-remote culture. It will make the cloud platforms a target for attacks as cyber-criminals will try to exploit vulnerabilities and pose different types of threats. These major reasons will increase the need for cloud security. Various cloud security measures will be implemented by organizations to strengthen the safety of data, ensure seamless operations, and improve cost-efficiency. The demand for innovative and strict cloud security measures will increase in the coming years. According to the report published by Allied Market Research, the global cloud security market is estimated grow considerably in the next few years, owing to rise in demand for managed security services and surge in dependence on cloud-based services. Let us now look at major types of cyber-attacks on the cloud and how they can be prevented: • Prevention of data breaches Data breach is one of the major ways hackers are attacking the cloud. The huge data breach shook LinkedIn in 2012. More than 100 million users were affected. Their usernames and passwords were stolen and put on the internet black market for sale. Similarly, Yahoo reported that nearly 500 million users were affected due to data breach in 2014. This is the result of improper access management and the losses may be irreparable. The simple solution is to introduce multi-factor authentication. Social media companies such as Facebook began this practice. Nearly every social media, banking, and other organizations began implementation of two-factor authentication. Yahoo introduced Yahoo Account Key that eliminated the requirement of password and surged the protection measures. Organizations need to ensure that that they have a specific access management layout. This implies that the marketing department in the organization does not have an access to the finance department credentials and protocols. This layout will help in ensuring the proper management of access points. Another way to avoid the data breach is to put firewall restrictions in place. This firewall will allow the authorized personnel only and detect the suspicious activities. It is not necessary that the threats will be made from outside sources only. The existing or former employees, partners, and contractors can utilize their ability to carry out various activities such as data loss, data breaches, credential leakage, system downtime, and others. Organizations need to provide access of critical systems to employees based on Cyber Defense eMagazine – September 2022 Edition 148 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
trustworthiness and accountability. Moreover, misconfigured cloud systems must be fixed on priority. Regular analysis for providing authorization and validation to certain personnel should be conducted. This will prevent data and financial losses. Moreover, it will maintain the credibility among your customers for keeping their data and information safe from potential threats. • Ensuring proper security of APIs Application programming interfaces (APIs) allow two applications to connect, interact, and transmit data. These APIs provide an access of software platforms to third parties. Owing to weak authentication at the gateways of these APIs, the sensitive data may become vulnerable to hackers. Many hackers are always focused on exploiting APIs and steal the user data. In June 2021, LinkedIn reported that its APIs were utilized to steal the data of nearly 500 million users. The data was put on dark web for sale. For prevention of such leaks, cloud security providers must ensure that there is an integrated security. Moreover, there must be proper management, monitoring, and security of “front door” of the cloud. There should be avoidance of reuse of API key along with the usage of standard and open API frameworks. The utility programs that override the network, systems, and applications must be restricted. The access to APIs must be segregated and the access to specific users needs to be provided for preventing data tampering and disclosure. • Awareness and prevention of denial-of-service attacks Though scalability is one of the crucial benefits of the cloud, it may become a liability if the cloud system is overloaded and stops its operation. This may become one of the crucial cloud security risks. Many hackers are not trying to gain access to the system, but trying to stop the working of the system. This will frustrate users as they will not be able to utilize the system. This type of attack is known as denial-ofservice attack (DoS) and it disrupts the workflow. Sony's online PlayStation store was attacked in a similar manner in 2014. The brute force attack was utilized in this hack attempt and the online store was down for nearly a day. Many organizations that have their workloads on the cloud will be attacked in the same way to stop their daily operations. Such DoS attacks can be prevented in various ways including updating intrusion detection systems, blocking IP addresses, and firewall traffic inspection. The system must be able to determine anomalies when users try to access the system and early warning needs to be provided. On the basis of anomalies in credentials and behavioral aspects, the system can provide early alarm to ensure cloud security. Moreover, the suspicious IP addresses should be blocked. Security teams can also inspect the incoming traffic. The source and destination of incoming traffic can be inspected and firewall can be placed by differentiating the good and bad traffic. Such security measures can be taken to prevent the cloud systems from hackers and cyber-criminals. The cloud adoption will surely increase in the next years and the need to deploy stringent security measures to prevent different types of attacks will rise consequently. With increased awareness, Cyber Defense eMagazine – September 2022 Edition 149 Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Critically Important Organization?
Page 3 and 4:
How Can Businesses Build Customer C
Page 5 and 6:
@MILIEFSKY From the Publisher… We
Page 7 and 8:
Welcome to CDM’s September 2022 I
Page 9 and 10:
Cyber Defense eMagazine - September
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Critically Important Organization?
Page 25 and 26:
• Factors and metrics to consider
Page 27 and 28:
Zero Trust Momentum Seventy-six per
Page 29 and 30:
Information Warfare and What Infose
Page 31 and 32:
Influence: Surface and measure the
Page 33 and 34:
ecording a 10% hike from 2020 findi
Page 35 and 36:
5G Technology - Ensuring Cybersecur
Page 37 and 38:
on a great scale, the newness of th
Page 39 and 40:
Are Cyber Scams More Common and How
Page 41 and 42:
Antivirus Software Keeping your com
Page 43 and 44:
Avoiding the Risks of Ransomware St
Page 45 and 46:
• How are you protecting home fie
Page 47 and 48:
Black Hat Trip 2022 - Perception Po
Page 49 and 50:
compared to legacy sandboxing solut
Page 51 and 52:
Building A Layered Plan for Battlin
Page 53 and 54:
The Challenge of Hyperconnected Fra
Page 55 and 56:
Can Cloud Telephony Services with M
Page 57 and 58:
software with an organization’s c
Page 59 and 60:
Crack The Code Cybersecurity Workfo
Page 61 and 62:
Photo Cred: Photo Cred: UofL Cybers
Page 63 and 64:
More information on the Cybersecuri
Page 65 and 66:
Virtual training addresses the high
Page 67 and 68:
How Can Businesses Build Customer C
Page 69 and 70:
associated access entitlements. A z
Page 71 and 72:
have been able to quickly get servi
Page 73 and 74:
How To Guard Critical Infrastructur
Page 75 and 76:
2. Control endpoint privileges. No
Page 77 and 78:
especially when maxed out on events
Page 79 and 80:
It Isn't Your Daddy's Oldsmobile An
Page 81 and 82:
Full and Systematic Vehicle Cyberse
Page 83 and 84:
Long-Term Impacts A Data Breach Can
Page 85 and 86:
Encrypt data and update software re
Page 87 and 88:
Perception Point has been built as
Page 89 and 90:
company developed a 24/7 managed In
Page 91 and 92:
Government agencies varied broadly
Page 93 and 94:
About the Author Marc Kriz is a Str
Page 95 and 96:
Looking at the two studies over a f
Page 97 and 98: Patch Zero Days In 15 Minutes Or Be
Page 99 and 100: Advanced SQL Behavioral Analysis fr
Page 101 and 102: New normal, new problems The “new
Page 103 and 104: About the Author Ivar Wiersma is th
Page 105 and 106: world attacks on open-source softwa
Page 107 and 108: Protecting The Enterprise in The Di
Page 109 and 110: About the Author Anurag Lal is the
Page 111 and 112: Market potential GitHub claims to h
Page 113 and 114: The Implications of Zero Trust for
Page 115 and 116: Integrating Zero Trust at the Data
Page 117 and 118: Threat Modeling: Bridging the Gap B
Page 119 and 120: What’s next for threat modeling?
Page 121 and 122: 2. Adopt trust security Consider ho
Page 123 and 124: 7. Secure your dependencies As you
Page 125 and 126: Top Trends in Cyber Security Post-P
Page 127 and 128: improve cybersecurity. As the conne
Page 129 and 130: The migration of electronic healthc
Page 131 and 132: About the Author Coley Chavez is th
Page 133 and 134: A tool to make money Cybercriminals
Page 135 and 136: Using Identity for Access Is a Huge
Page 137 and 138: Never make your own keys - physical
Page 139 and 140: What We Have Learnt Building a Glob
Page 141 and 142: Businesses transact with, rely upon
Page 143 and 144: Why CSOs Are Decluttering Their Cyb
Page 145 and 146: The Middle Ground To effectively co
Page 147: • Surge in utilization of cloud s
Page 151 and 152: Why Throwing Money at Cybersecurity
Page 153 and 154: 2. Automated Analytics The human pr
Page 155 and 156: SSL VPNs are available as stand-alo
Page 157 and 158: About the Author Timothy Liu is Co-
Page 159 and 160: Preparing Having never been to mult
Page 161 and 162: Overall, this was a great conferenc
Page 163 and 164: One of the unique things about DefC
Page 165 and 166: Of where I was able to spend time a
Page 167 and 168: In the end, DefCon was by far one o
Page 169 and 170: they have. I was happy to share my
Page 171 and 172: Cyber Defense eMagazine - September
Page 189 and 190: CyberDefense.TV now has 200 hotseat
Page 191 and 192: Books by our Publisher: https://www
Page 195: Cyber Defense eMagazine - September
show all

Cyber Defense eMagazine September Edition for 2022 #CDM

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?