Head in the cloud? Why it’s time to get smart on cloud security

By Scott Nicholson, CEO at Bridewell.

As critical national infrastructure (CNI) organisations race to improve agility and operational efficiency, more and more are turning to the cloud. In fact, global cloud expenditure has increased by 33% year on year to $62.3 billion (£52.9 billion) in the second quarter of 2022.

Many organisations are already embracing cloud for the delivery of operational (OT) solutions. However, as adoption of cloud increases, so too do the inevitable risks. Most cloud services are designed to make data sharing easier across multiple channels, which allows for hybrid working but also expands the attack surface area and gives cyber criminals bigger targets to hit.

Meanwhile, recent Bridewell research has found that many organisations do not have the skills or technology needed to maintain visibility and security of cloud environments, with managing cloud cyber security architecture now considered a top five challenge. With threat actors continuing to innovate and exploit cloud vulnerabilities, organisations need to mature their cyber security architecture – and do so fast.

How cloud-ready are organisations?

The widely discussed cyber skills shortage presents an ongoing challenge across industries. Now, migration of data and applications to the cloud has only widened the gap, due to the increased complexity of the cyber security landscape. The issue of skills acquisition is causing some head-scratching amongst cyber decision-makers in CNI, with over two-thirds (68%) agreeing it has become harder to recruit the right resources to secure and monitor cloud-based systems.

As cloud infrastructure becomes ever more distributed and interconnected, it is of critical importance for organisations to understand and appreciate cyber security risks from the implementation stage onwards. However, Bridewell research also revealed that 4 in 10 decision-makers admit to not having the skills to monitor threats in the cloud. This suggests that many organisations are turning to the cloud as an enabler without having sufficient skills in place to manage the resulting security risks.

Cloud misconfiguration remains a top attack vector. This is evident in the Bridewell research and was demonstrated significantly when a lone hacker perpetrated a massive data breach against Capital One by exploiting the misconfigurations and excessive privileges common in many cloud environments. Misconfiguration is also a highly effective bait for skilled criminal groups to deploy ransomcloud - attacks that target or take advantage of weaknesses or legitimate functionality in cloud resources to deploy malware, encrypt data and extort money from businesses.

Attacks against cloud infrastructures can devastate business operations and even endanger national security if deployed against CNI. This is why cloud security should be front and centre of any organisation’s cyber security plan. Before diving head-first into the cloud, organisations need to put robust measures in place to mitigate evolving cyber threats.

Cutting through the fog

Perhaps the crux of the problem is that currently many organisations are struggling to gain the visibility they need to detect and respond to threats in the cloud. Traditional security operations centres (SOCs) now require at least 40 different tools to cover the cloud and every other possible vulnerability, each of which needs to be expertly configured, supported, and monitored 24/7. This complexity has left over a quarter (26%) of organisations doubting they have the right skills to respond to cyber threats quickly and effectively.

There is also an opportunity to drive improvements with the right technology. Currently, only 36% have a security information and event management (SIEM) platform – a crucial tool that helps organisations recognise and pre-empt potential security threats and vulnerabilities – while just 42% have deployed a cloud access security broker and only 46% are using cloud storage services with in-built ransomware protection.

Organisations now have the opportunity to reverse this trend and gain a detailed view of all activity in the cloud. While education will always be key to mitigating cloud-based cyber threats, organisations also need a singular view of site level OT traffic and vulnerabilities to protect cloud and SaaS assets and analyse user and identity behaviour. This centralised approach is particularly important as IT and OT continues to converge.

A more proactive, intelligence-led posture

Protecting operations in the cloud need not come at the expense of business mobility. There are clear steps organisations can take to enhance their asset management, vulnerability management, and threat detection capabilities, all the while balancing operational uptime and security requirements.

The key lies in non-intrusive network-based detection mechanisms. With the appropriate technology in place, including strong endpoint, email and cloud app detection and response capabilities, organisations can secure their critical assets and data no matter where they are on their cloud transformation journey. Furthermore, leveraging a central SIEM/SOAR platform allows any alerts to be monitored 24/7, so that an automated response can be implemented where sensible. This capability can be complemented further with threat intelligence services to provide early warning of potential attacks.

It's an unfortunate truth that any organisation in the cloud is at risk of a cyber breach. But organisations can manage this risk by developing a more proactive cyber security posture to effectively detect and respond to evolving threats in the cloud. This involves becoming hypervigilant to a diverse range of cyber risks and moving to a position of assumed breach to increase maturity and resilience. Utilising and sharing cyber threat intelligence can also transform an organisation’s state of readiness to prevent, detect, and respond to cloud security threats.

As cyber threats in the cloud continue to rise in sophistication and complexity, it is vital that organisations adopt an intelligence-led security stance to develop a clear, holistic view of cyber security across IT, OT, cloud, and end user devices. By getting smart on cloud security, organisations can now embrace new technologies with greater peace of mind as they move applications and services out of physical environments and into a digital one.

By Justin Reilly, CEO, Impero Software.
By Michelle Grafton, Regional Head of Solution Specialists ESA, Iron Mountain.
By Dr Lucie Kadlecová Senior Associate at CybExer Technologies & Scholar on State Sovereignty in Cyberspace
By Daniel dos Santos, Head of Security Research, Forescout Vedere Labs.
By Christopher Rogers, Technology Evangelist at Zerto a Hewlett Packard Enterprise company.
OpenText has released results of the OpenText Security Solutions 2022 Global Small-Medium Business (SMB) Ransomware Survey. Findings show growing concern about ransomware attacks, the impact of geopolitical tensions and rising inflation rates. Eighty-eight percent of respondents noted they are concerned or extremely concerned about an attack impacting their business.
By Leyton Jefferies, Head of Cyber Security Services, CSI Ltd.