Today's Forecast--Cloud Jacking With Threat Of Third-Party Access
By: Jim Stickley and Tina Davis
April 16, 2021
Cloud security has become a growing concern now that more organizations depend on the cloud for data storage; much of it since the surge in remote work. What should be a safe outlet for storing data has become a growing security threat for companies that assume all is well in the cloud. Cloud jacking, when an organization’s cloud account is stolen or overtaken by an attacker, is on the rise. The biggest reasons for these attacks are often unchecked third-party access to the cloud and misconfigured default settings. Organizations allowing high-level third-party access and those that don’t review cloud settings before making it live are risking malicious attacks including identity theft, ransomware, and many more.
Stats Crazy!
Research by Wiz Security made up of 75% customers and 25% vendors, sheds light on cloud jacking attacks and what usually precedes them. A staggering 82% give third party vendors elevated privileges to cloud data, most without realizing it. If these settings aren’t checked beforehand, any number of vendors and their employees have unfettered access to the cloud. Checking third-party access settings is critical, yet 76% of companies don’t realize their vendors have an elevated level of access. That amount of data allows for an entire account takeover should it fall into the wrong hands. Crazy as it seems, 90% of those in charge of IT and cloud security don’t even realize their vendors have access to their cloud data.
Cloud Settings Check
Unnecessary access and misconfigured cloud settings are the biggest threats to cloud security. As such, the two most helpful allies of cloud data security are:
1: Limiting cloud access only to those who need it for their jobs, including limiting third-party access if necessary.
2: Review cloud default settings before making the cloud active. Jumping on the cloud bandwagon has its risks, especially when default settings aren’t checked. Many organizations have suffered data loss simply because the default cloud access setting was on “public” and not “private.” A simple check could help avoid a cloud jacking event and the devastating repercussions for a business when their data falls into the wrong hands.
Doing Nothing = Not an Option
Since cloud use continues to grow, doing nothing about cloud security is no longer an option. A smart policy of checking settings and limiting access is the most basic, but important security check an enterprise can do. Taking additional steps can help bolster cloud security and are always recommended. Requiring all employees have strong passwords is a start, but we know there are still those who don’t follow that practice. Adding MFA (multi-factor authentication) is a simple and effective way to restrict data access by unauthorized employees and vendors. Anticipating security weaknesses overall helps secure data, including that in the cloud, and makes it more difficult for an attacker to access.