Loopholes in cloud security exposed online 50 per cent of corporate databases

UC News

Loopholes in cloud security exposed online 50 per cent of corporate databases
Cloud security has grown into a major issue for enterprises, as only one company in six
encrypts all data, according to a Bitdefender survey. Just last month, some 48 million
personal proles scraped by LocalBlox for advertising purposes from websites including
Facebook, LinkedIn and Twitter were accessible to anyone on the internet due to
conguration errors in Amazon Web Services (AWS) S3 buckets. And this was not an isolated
case; the Pentagon, Tesla, Verizon and Dow Jones are among other organisations that have
also fallen victim to data breaches as a result of security loopholes in their cloud storage
services.
A single vulnerable application on the server is enough to give c ybercriminals a perfect entry
point. Zakir Hussain -Director, BD soft, Country Partner of Bitdefender feels that cloud
storage services along with SAAS/webmail providers are among the most targeted by phishing
campaigns, especially in the nance sector, found the Anti -Phishing Working Groups.
Organisations are excited about cloud services because they allow them to back up large
amounts of big data at smaller rates. Even though businesses are widely adopting the cloud,
they completely neglect security and privacy, allowing the attack surface to expand.
Cryptojacking incidents, for instance, have grown by 8 per cent in Q2 2018, with 25 per cent
of companies reporting this type of attack.
Some servers don’t even have passwords, not to mention more sophistica ted security layers,
which is probably why 27 per cent of companies, including Uber, Tesla, OneLogin, Aviva, and
Gemalto, conrmed their accounts and sensitive information were compromised, according to
the same research. What’s more, some 24 per cent are exposed to major security risks
because their public cloud has not been patched. Over the past 12 months, vulnerabilities in
cloud security infrastructure have already compromised MongoDB, Elasticsearch, Intel and
Drupal, and more will follow because comp anies opt for hybrid cloud strategies that require a
sophisticated security architecture.
Corporate databases are not properly encrypted. The industry did not really need a study to
determine this, but some validation is always welcome to hopefully make en terprises more
security -conscious. With GDPR right around the corner, it appears more companies are
struggling to secure their networks to be compliant and fend o incidents.