In this series “INSIGHT: The Technical Director’s Perspective” I’ll share my years of hands-on experience to demystify the Cloud and help you gain control over your IT roadmap. In this entry to the series, Chris shows how to stop internal Cloud threats.
Short on time? Watch this 30-second overview.
Threats to Cloud Computing:
Insider attacks pose a much larger threat than organisations are prepared to handle. Roughly 70% of your employees have access to data and other areas they shouldn’t – increasing the likelihood of a data breach. A breach that could cost your business thousands of pounds in downtime, fines and reputational damage.
To find out how safe your data is in a datacenter, read our post “Data centre security: How safe is your data?”
That’s how a disgruntled employee at Morrisons was able to steal and leak the personal data (such as names, addresses, salaries and bank account details) of 100,000 of his colleagues.
And how an insider compromised the records of 547,000 global Bupa customers, 43,000 of those believed to be British.
It’s not just global brands such as Sony and Yahoo that fall victim to cyberattacks, brands closer to home fall victim to cyberattacks too. In a recent study by Crowd Research Partners, 53% of organisations confirmed that they had experienced an insider attack in the last twelve months.
So, how can you protect your business from insider attacks?
What you can do to minimise Cloud Computing Threads:
Audit
The first thing to do is to audit your organisation’s access control policies. Do this for all members of staff – no matter what role they are in. Everyone from new starters to senior managers can be an insider threat, whether intentional or not. This especially applies to contractors who are often given full staff privileges with little to no oversight.
You need to identify what data each group of staff needs access to and more importantly, what data they can currently access that they shouldn’t. For instance, can the marketing team access payroll files? A thorough audit will help you identify problem areas quickly and create ‘access control groups.’
Change your mindset
After discovering which members of staff have more access than is necessary for their role, you need to change the organisation’s mindset. Moving forward, your business needs to shift towards a ‘minimum access’ policy. This helps to protect your business by simply decreasing the number of people who can access sensitive data.
Insider Threats pose a much larger threat than organisations are prepared to handle. You need to be aware of your business’ ‘surface attack area’, which includes every possible way an attacker could use to gain access to your systems.
Revoke access
Now you have a better understanding of who has access to what and where your business is vulnerable, revoke access where it isn’t absolutely necessary. Make sure even senior members of staff only have access to data they need.
By adopting a minimum access policy and revoking unnecessary access, you’re closing off a lot of the paths an attacker could use to gain access to your systems. Paths such as compromised Admin accounts or phishing attacks.
Integrate Two-Factor
Integrate Two-Factor for Identity and Access Management. Enforcing 2FA lowers the risk of malicious access. Even if users ignore best practice in favour of convenience by choosing weak passwords.
A recent case for needing Two-Factor or an equivalent solution is the Deloitte data breach. This breach was the result of compromised Admin accounts, giving attackers unfettered access across the entire network. Attackers usually target these accounts because they hold ‘all the keys to the Kingdom’.
An excerpt from the Guardian Article “Deloitte hit by cyber-attack revealing clients’ secret emails” reads: ‘The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”. The account required only a single password and did not have “two-step“ verification, sources said.’
Had Deloitte integrated 2FA, they could have stopped attackers from gaining access to their systems.
Conclusion
There are many things businesses need to do to protect their data. Being aware of and proactively minimising the threat of an insider attack are just two of those things. Hopefully, this guide provides you with actionable insight that can help you protect your sensitive data from an insider attack. Whether it’s from a malicious or merely careless employee.
Contact us if you have any questions or want to discuss how you can stop internal cloud threats for your business.
