#DSCloud16: It’s not just cyber criminals who want access to your cloud
15 June 2016
With a growing number of potential attackers and ever more sensitive data being stored, cloud security is a bigger and more important challenge than ever before.
Speaking at Data Security in the Cloud 2016, security expert Graham Cluley said he has been in the industry for 25 years and things have come a long way.
"We now have this incredible fluffy marketing concept of 'the cloud' because 'the internet' was too scary for people," he said. "I think sometimes there is some value in going back in time and looking at some of the things that have happened in the past."
Cluley told the story of a bank robber who was put in prison. Faced with a 30-foot wall in the way of escape, he got a 45-foot ladder with the help of prison guards and climbed over. It is a saga that he compared to cyber criminals trying to break into the cloud.
"That is increasingly where we are putting our most valuable and sensitive information," Cluley said. "We are stuffing it into the cloud."
He said although the industry and commentators talk about “the next wave of cyber crime”, the bad news for them is that it has actually already begun.
“We are not just dealing with kids and common and garden criminals these days,” Cluley said. “There are a lot of other attackers out there as well.”
He said most businesses are now running multiple websites that are much more sophisticated than the “digital brochures” of the past – these are now programs with bugs that can be a point of attack for hackers.
The type of data that can be stolen is also more sensitive, he explained. For instance, people have had their fingerprint data stolen in breaches, which may be disastrous when biometrics become more common in future.
“There is a fundamental difference between your password and your fingerprint,” Cluley said. “If you lose your password you can change it any time you want. If you lose your fingerprint you are stuck with it for life, and indeed beyond.”
And it is not just criminals and enemy hackers stealing data, he emphasised. We know the US National Security Agency and British GCHQ, for example, were taking advantage of firms’ insecure cloud services to intercept supposedly private data.
“There is a huge amount of spying going on, and it’s not just the big organisations,” Cluley said. “So the next wave of cyber crime is coming from these guys – governments and law enforcement – who are using the same tactics as the hackers to spy and snoop… And if you have not properly secured your cloud you can lose this data.”
As such, firms need to make sure they get their security right in terms of access and encryption to protect the data they hold against attacks from both governments and hackers, he said.
“Encryption needs to become a default,” he said. “Rather than asking yourself why are you encrypting this data, you should be asking why you should not encrypt that data.”