There was a sense of deja vu this April when Alon Gal, a security researcher at cybersecurity firm Hudson Rock, tweeted that personal data from 533 million Facebook accounts was leaked online for free. A Business Insider report later said it verified several of the records, which were from 106 countries, including 6 million in India. The data included user “…phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.”
This wasn’t the first data breach, and it certainly won’t be the last. According to the 2019 Q3 Data Breach QuickView Report, there were 5,183 breaches reported in the first nine months of 2019, exposing 7.9 billion records. The numbers have only increased exponentially since then.
For instance, data from over 500 million LinkedIn users—including user IDs, full names, email addresses, phone numbers, professional titles, and other work-related data—has been hacked, according to security news and research group CyberNews. While LinkedIn clarified that the data set does not include sensitive information like credit card information or social security numbers, the fact remains that the leaked data could help hackers use the email addresses and phone numbers to spam or even loot people online. Users can see if their data has been compromised by the incident by accessing sites like Have I Been Pwned (HIBP) (https://haveibeenpwned.com/), which list major data breaches.
That said, our own research reveals that data breaches take place almost daily but remain undetected for almost 270 days on average.
Data breaches can prove expensive to users since hackers are bound to use the information for social engineering (advanced phishing), scamming, ransomware, spamming and marketing, causing users an immense amount of distress and, in many cases, financial losses too. Companies, too, must bear the brunt in terms of brand reputation and penalties. The UK’s data privacy watchdog, the Information Commissioner’s Office (ICO), for instance, fined the Marriott Hotels chain £18.4 million last year for a major data breach that may have affected up to 339 million guests in 2018.
The pandemic, which has accelerated the process of digitalisation in enterprises, has ironically accentuated these cyber maladies too. Moreover, as workers increasingly work from home, they begin accessing more data in the cloud, calling for increased security measures in companies and on the user devices that access this data.
In this context, it’s first important to define the cloud. Companies may be using public cloud services that could include software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS). They could also host their data on their premises, a trend known as private cloud. Or they could be using a combination of both private and public cloud services, a trend known as hybrid cloud.
Each of these situations demands a nuanced cloud strategy since the cloud provider and cloud customer will share different levels of responsibility for the security of the data. Further, the solution that a security vendor provides needs to detect and respond to security risks in real time, regardless of where the user is operating from: home, office or travelling.
While no vendor can claim to possess a silver bullet that can provide blanket cloud security, it’s important that companies know the location of their data; what data they have stored in the cloud; who has access to it; whom they are sharing it with; and on which device.
Here’s what works for most clients. First, the solution should provide an intuitive user interface that enables visual analytics, a multi-dimensional view of the data, and tools to slice and dice information in ways that will enable companies to take speedier action when an anomaly is detected.
Second, cloud-native applications rely on the environment for telemetry, the automatic collection and transmission of data to centralized locations for subsequent analysis. Hence, the solution should allow not only for cloud telemetry but also for telemetry for the data that resides on endpoint devices like smartphones, tablets and laptops that are being used by workers who are travelling or at home. Third, these endpoint devices can be powered by Linux, Windows or Mac, which implies that the solution should be operating-system agnostic.
It’s important to note that artificial intelligence (AI) systems can be used to identify and predict attack patterns, thus dramatically improving response times. The problem, though, is that if a company is using a basic machine learning (ML) system, which has been trained on historical data, this system will be unable to spot new threats since hackers too are using AI systems.
Retraining your workforce, as consultancy firm McKinsey notes, is another critical aspect of cybersecurity. This is important since the typical technology workforce of an enterprise is trained in developing business applications in the traditional IT framework but most of them need to be reskilled or upskilled for the cloud environment, McKinsey insists.
All these issues become critical because, with fifth-generation (5G) networks soon to replace 4G networks, cloud security will become more vital, especially when it comes to protecting end-user devices. The reason is that 5G connects more devices than earlier technologies, expanding the surface for cyber-attacks and making it riskier for companies.
Hence, the sooner companies address these issues, the better. There’s no point in bolting the stable after the horses flee.