WALTHAM, Mass., Sept. 26, 2017 /PRNewswire/ -- By now, it's a
familiar story: A company puts massive amounts of data on a remote
cloud server – then someone finds a way in, gaining access to
sensitive business documents or the personal information of
millions of people.
It happened to Verizon. It happened to WWE. It happened to the
political data company Deep Root Analytics. Most recently it
happened to the accounting firm Deloitte, according to a news
report that said hackers tapped into the company's email system
simply by logging on as an administrator.
And it will keep happening, experts say, especially when
companies neglect data security in their eagerness to convert to
the cloud.
"They inherently believe they get all these magical properties
of security by moving (to the cloud), and it just doesn't happen,"
said Josh Douglas, Raytheon's chief
strategy officer for cyber services.
Cloud computing is an increasingly popular option for
businesses. The cloud-services market could generate as much as
$236 billion in revenue by the year
2020, according to Forrester Research. The reasons are clear: The
cloud cuts the cost of hosting and maintaining on-site servers, it
allows employees to work seamlessly from anywhere, and it adjusts
to the size of the organization.
But just like any other connection to the internet, it creates
ample opportunities for cybercriminals to attack, Douglas said.
"As we tell our clients, cloud computing puts your information
on someone else's computer," Douglas said. "So it's vital to
protect the cloud exactly as you would your own servers."
The Verizon, WWE and Deep Root Analytics breaches all appear to
stem from improper cloud-security settings; media reports on all
three incidents said the databases were accessible to anyone who
had the URL. In the Deloitte breach, news reports said the
attackers signed onto a server that required only a login and
password – less protection than many people have on their social
media pages.
A common measure known as "two-factor authentication" would
require both a login/password combination and another means of
verifying identity, such as a fingerprint or PIN code that appears
on a secondary device.
"It is a basic part of cyber hygiene, and while it might not
have prevented the intrusion altogether, it would have at least
slowed the attackers and forced them to use more sophisticated
methods," Douglas said.
Douglas said other common mistakes in converting to the cloud
include failure to scan old code for vulnerabilities, failure to
segregate systems and forgoing "red-teaming," also known as
adversary emulation testing, where security consultants play the
role of hackers and attempt to breach systems critical to the
business.
But data security in the era of cloud computing isn't just about
setting things up correctly – it's also about the behavior of
employees, said Matt Moynahan, CEO
of Forcepoint, a cybersecurity company jointly owned by Raytheon.
Using technology to monitor employee
activity, identify possible errors and sniff out
malicious intent can help reduce risk, he said.
"Regardless of whether organizations are securing data using
on-premises or cloud-based technology … organizations need to
balance protecting privacy and understanding how their employees
interact with critical business data and intellectual property,"
Moynahan said.
Even with all the risks cloud computing can present, businesses
shouldn't fear conversion to the cloud. Companies often
over-correct after cybersecurity problems, with security measures
so strict they impede the growth of business. That, Douglas said,
is also a mistake.
"If the pendulum swings too far to the right, security puts a
standstill to the innovation and technology," he said. "It's
important to adopt things like clouds, because that innovation is
what helps our society grow."
www.raytheon.com
View original content with
multimedia:http://www.prnewswire.com/news-releases/in-cloud-computing-more-data-loss-on-the-horizon-300526222.html
SOURCE Raytheon Company