An employee-caused data breach and what to do about it.

Cyber security threats to the Cloud Infrastructure can arise from both within and outside of businesses, corporations, and organizations. In fact, according to the CyberSecurity Watch Survey conducted on 600+ businesses, government agencies, security professionals and consultants, 21% of cyber-attacks were caused by insiders.

According to the survey:

  • 33% of the respondents believed that insider attacks were more costly and damaging to business entities;
  • 63% of the respondents claimed that the most common inside attacks were unauthorized access to and use of corporate information and data;
  • 57% of the respondents believed that the unintentional exposure of private or sensitive data continues to exist;
  • 37% of the respondents felt that viruses, worms, or other malicious codes were launched by inside attacks;
  • 32% of the respondents also felt that the most dangerous insider attack threat was that of the theft of Intellectual Property.

A majority of the respondents firmly believed that the vulnerabilities that expose a Cloud Computing Infrastructure to a malicious insider attack are as follows:

  • Unclear roles and responsibilities;
  • Poor enforcement of role definitions;
  • Need-to-know principles and methodologies were not effectively applied;
  • AAA (authentication, authorization, and accounting) vulnerabilities;
  • Server, IT Systems and/or OS vulnerabilities;
  • Inadequate physical security procedures;
  • The impossibility of processing data in encrypted form;
  • Software application vulnerabilities and/or poor patch and software upgrade management techniques.

What are the types of Cloud threats?

1. The rogue Network Administrator:

They have the privileges to steal unprotected files, launch brute-force attacks against passwords, and download sensitive customer information and data from the victim business, corporation, or organization.

2. The Malicious Insider:

They can exploit the vulnerabilities of a Cloud Computing Infrastructure in an attempt to gain unauthorized access to confidential data in an organization, and either sell this sensitive data or use the information for their own future business transactions.

3. The Malicious Insider who uses the Cloud Computing Infrastructure to conduct nefarious activity:

They carry out attacks against their own employer’s IT infrastructure. Since these kinds of insiders are familiar with the IT operations of their own companies, the attacks are generally difficult to trace using forensic analysis.

Online Cyber Security Threats

Cloud computing services provide users and business entities with very powerful processing capabilities and massive amounts of storage space. For example, Netflix leases computing space from Amazon Web Services (AWS) to provide a subscription service for watching television-based programs and movies. Dropbox offers a cloud storage service to customers and businesses alike for storing terabytes of data.

However, the sensitive information and data stored on a Cloud Computing Infrastructure thus become an attractive target for online cyber theft. In fact, according to the analysis of data breaches of 209 global companies in 2011, 37% of information/data breach cases involved malicious attacks. The average cost per compromised record is $222.

The covert stealing of information and data stored on a Cloud Computing Infrastructure also occurs on social networking sites, such as Twitter, Facebook, and LinkedIn. According to a recent USA Today survey, 35% of adult Internet users have a profile on at least one social networking site.

However, the private data that is stored on these Social Media Sites can be hacked by online cyber thieves, provided that they find a way to access the Cloud Computing Infrastructure upon which these Social Media Sites are hosted. For example, LinkedIn, the world’s largest professional networking website that has well over 175 million subscribers, reported that their password database was compromised in a security breach.

Online cyber attackers could also use stolen passwords to launch malicious attacks against the subscriber base of these Social Media Sites. For example, Dropbox confirmed that its users were victims of a spam attack. Usernames and passwords stolen from the Social Media Sites were used to sign in covertly to Dropbox accounts.

Online cyber attackers could also take advantage of the computing power offered by cloud computing service providers to launch massive cyber-attacks. For example, the AWS EC2 cloud service was used by hackers to compromise private information and data about its user base. By signing up for Amazon’s EC2 service with phony information, the cyber attackers then rented a virtual server and launched an attack to steal confidential information and data from Sony’s PlayStation Network.
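A defender-side illustration of the password-reuse pattern described above, added here and not part of the original article: it separates a source that tries many accounts once or twice each (reused stolen credentials) from a source that hammers a single account (the brute-force guessing mentioned earlier). The log format, the thresholds and the function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample: one 10-minute slice of sign-in events, "time source_ip username outcome".
SAMPLE_LOG = """\
10:00:01 203.0.113.7 alice FAIL
10:00:02 203.0.113.7 bob FAIL
10:00:03 203.0.113.7 carol OK
10:00:04 203.0.113.7 dave FAIL
10:00:05 203.0.113.7 erin FAIL
10:01:10 198.51.100.4 alice FAIL
10:01:12 198.51.100.4 alice FAIL
10:01:13 198.51.100.4 alice FAIL
10:01:15 198.51.100.4 alice FAIL
10:01:17 198.51.100.4 alice FAIL
10:02:00 192.0.2.10 grace FAIL
10:02:20 192.0.2.10 grace OK
"""

def classify_sources(log_text, min_accounts=5, max_tries_per_account=2, brute_failures=5):
    """Group sign-in events by source IP and label the pattern each source shows."""
    attempts = defaultdict(lambda: defaultdict(list))  # ip -> username -> [outcomes]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        _, ip, user, outcome = parts
        attempts[ip][user].append(outcome)

    findings = {}
    for ip, per_user in attempts.items():
        most_tries = max(len(o) for o in per_user.values())
        most_failures = max(o.count("FAIL") for o in per_user.values())
        if len(per_user) >= min_accounts and most_tries <= max_tries_per_account:
            # Many accounts, one or two tries each: reused username/password pairs.
            kind = "credential_stuffing"
        elif most_failures >= brute_failures:
            # Repeated failures against one account: password guessing.
            kind = "brute_force"
        else:
            continue
        # Accounts that signed in successfully from a flagged source need a forced reset.
        compromised = sorted(u for u, o in per_user.items() if "OK" in o)
        findings[ip] = {"kind": kind, "accounts_tried": len(per_user), "reset": compromised}
    return findings

if __name__ == "__main__":
    for ip, finding in classify_sources(SAMPLE_LOG).items():
        print(ip, finding)
```

A per-account lockout alone misses the first pattern, because no single account sees more than a couple of attempts; the signal only appears when events are grouped by source.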