82% of Databases Left Unencrypted in Public Cloud

Personal health information and other sensitive data is left exposed as businesses overlook encryption and network security. The average lifespan of a cloud resource is 127 minutes. Traditional security strategies can't keep up with this rate of change, and 82% of databases in the public cloud are left unencrypted.

These findings come from the RedLock Cloud Security Intelligence (CSI) team's "Cloud Infrastructure Security Trends" report. RedLock today formally announced the CSI team and its inaugural report, which focuses on major vulnerabilities in public cloud environments.

The team analyzed more than one million cloud resources, processing 12 petabytes of network traffic, and dug for flaws in public cloud infrastructure. They found 4.8 million records, including protected health information (PHI) and personally identifiable information (PII), were exposed because best practices like encryption and access control aren't enforced.

"Imagine the day and age we live in," says RedLock cofounder and CEO Varun Badhwar. "You should be using encryption of data at-rest. There is no data out of the reach of bad actors if not secured correctly."

The problem isn't in cloud providers failing to secure data centers, but in organizations failing to secure applications, content, systems, networks, and users that use the cloud infrastructure. "That is where people are not aware, or not investing the right resources," he continues.

Researchers found that, of the 82% of databases left unencrypted in the public cloud, 31% were accepting inbound connection requests from the internet. More than half (51%) of network traffic in the public cloud is still on the default web port (port 80) for receiving unencrypted traffic. Nearly all (93%) public cloud resources have no outbound firewall rule, says Badhwar.

"You need to have control at the network, configuration, and user layers so it's hard for someone to get in, and harder for them to take your data out," Badhwar emphasizes, adding how weak network controls lead to trouble. "It's like saying, 'I'm going to leave my gates and front doors open, and hope I don’t get robbed,'" he says.

Developers and the team running operations in the cloud need to have secure access, and researchers discovered they often don't.

Businesses are moving to the cloud from on-prem environments where everything underwent a security review and sign-off process before being pushed to production, Badhwar continues. Two hours and 27 minutes, the average lifespan of a cloud resource, is a much smaller window.

"Within that timeframe, the customer has no clue how to get security right because developers are pushing code," says Badhwar. "None of the existing security tools work at the speed of change. Customers have no visibility into the changes pushed to production."

He calls the current cloud environment a "devops-oriented world" in which those who write the code are responsible for pushing it to production. The problem is, those who are making changes within cloud environments are not trained security professionals.

Their lack of expertise brings additional risk, especially with new tech like containers. RedLock researchers found 285 Kubernetes dashboards (web-based admin interfaces) deployed on Google Cloud, Microsoft Azure, and AWS that were not password-protected. There were many cases where Kubernetes systems held plaintext credentials to other critical systems, a vulnerability leaving key infrastructure exposed.

Security recommendations from the report include training developers on security practices for public cloud infrastructure, ensuring services are set to accept internet traffic on an as-needed basis, and setting a default "deny all" outbound firewall policy. You should also automatically discover database and storage resources as they are created in the public cloud, and monitor network traffic to ensure those resources are not directly interacting with internet services.
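The checks these recommendations imply can be run against a resource inventory as it is discovered. The following is an added example, not code from RedLock or its report: the inventory format, field names and finding labels are hypothetical, the sample entries are constructed, and an empty egress list is assumed to mean the allow-all default is still in force.

```python
import ipaddress

# Constructed sample inventory; field names are hypothetical, not a provider schema.
INVENTORY = [
    {"id": "db-orders", "kind": "database", "encrypted_at_rest": False,
     "ingress": [{"cidr": "0.0.0.0/0", "port": 3306}],
     "egress": [{"cidr": "0.0.0.0/0", "port": None}]},
    {"id": "db-billing", "kind": "database", "encrypted_at_rest": True,
     "ingress": [{"cidr": "10.0.2.0/24", "port": 5432}],
     "egress": [{"cidr": "10.0.0.0/16", "port": 443}]},
    {"id": "web-1", "kind": "vm", "encrypted_at_rest": True,
     "ingress": [{"cidr": "0.0.0.0/0", "port": 80}],
     "egress": []},
    {"id": "store-logs", "kind": "storage", "encrypted_at_rest": False,
     "ingress": [{"cidr": "::/0", "port": 443}],
     "egress": [{"cidr": "10.0.0.0/16", "port": 443}]},
]
DATA_KINDS = {"database", "storage"}


def is_internet_open(cidr):
    """True when a rule's CIDR covers all of IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(resource):
    """Return the list of findings for one inventory entry."""
    findings = []
    exposed_ports = [r["port"] for r in resource["ingress"] if is_internet_open(r["cidr"])]
    if resource["kind"] in DATA_KINDS:
        if not resource["encrypted_at_rest"]:
            findings.append("unencrypted-at-rest")
        if exposed_ports:
            findings.append("data-store-reachable-from-internet")
    if 80 in exposed_ports:
        findings.append("plaintext-http-port-80")
    # Assumption: no egress rule, or an any-port rule to the whole internet,
    # means outbound traffic is effectively unrestricted.
    egress = resource["egress"]
    if not egress or any(is_internet_open(r["cidr"]) and r["port"] is None for r in egress):
        findings.append("no-outbound-restriction")
    return findings


def audit_inventory(inventory):
    """Map resource id -> findings, omitting resources with no findings."""
    report = {r["id"]: audit(r) for r in inventory}
    return {rid: f for rid, f in report.items() if f}
```

Because cloud resources are short-lived, a check like this is most useful when triggered by resource-creation events rather than run on a schedule.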

Don't Forget Basic Security Measures, Experts Say

Some security leaders argue there is little point in worrying about emerging threats when businesses can't defend against today's attacks.

INTEROP ITX - Las Vegas - New technologies like machine learning, artificial intelligence, and IoT will drive the scale and complexity of cyberattacks. Businesses have every reason to be concerned as the threat landscape continues to grow.

But does it make sense to stress over advanced threats when organizations can't defend against the attacks they currently face?

"A lot of the security threats we face day to day are not fancy, sexy, technologically new stuff," says Anthony Aragues, vice president of product management for Anomali. If these issues were written down, they would be perceived as obvious, but they remain problems.

"We're reminding people -- hey, taking the right steps is important," says Diana Kelley, global executive security advisor for IBM Security. "Threat actors are a lot more motivated than they were 15 to 20 years ago."

Today's users are so dependent on software and connectivity that security disruptions will become increasingly palpable going forward, Kelley says. If an operating system is vulnerable, any business in any industry can be at risk. Hackers don't need to discriminate.

Many organizations, especially small- to midsized businesses, don't really plan their security architecture. In her Interop ITX Cybersecurity Crash Course presentation "Securing Your Enterprise Infrastructure," Dawn-Marie Hutchinson, executive director for the Office of the CISO at Optiv, posed a question to a room packed with IT pros: "Who here has a security strategy?"

Silence. Maybe one hand.

"Every organization right now needs help," she said, noting how attacks are getting easier and cheaper to launch, and more complex to face. "We have more information than we've ever had before, about what's coming after us and how," yet most organizations have immature security strategies.

Attitude is at the root of many security issues organizations face today, Anomali's Aragues explains. It's common for businesses to push security issues to one part of the organization and forget about them. The business often sees security costs as overhead that doesn't bring value.

"The overall trend that bugs me about security is companies expect it to be handled by the security department," he continues. "We're going to have a problem as long as that's the case."

Last week's WannaCry ransomware attack is a prime example of how businesses aren't putting basic security measures in place. They need to be running only updated operating systems - not older, no longer supported ones like Windows XP - and shutting off unnecessary system processes.

"We can blame the Shadow Brokers for leaking NSA vulnerabilities, but there's still the issue of people running old operating systems and leaving open services they don't need to have turned on," he continues.

Individuals and businesses are more connected than ever, but they don't have the security awareness to protect themselves. Organizations can't predict the aftershock of a cyberattack when it hits, explains FireEye CEO Kevin Mandia.

"The vast majority of companies really don't know what happens when you pop off the grid," he says. In his Interop keynote, he emphasized how security hygiene is lacking if a server message block (SMB) exploit can infect more than 200,000 machines, as it did in WannaCry.

Will the latest massive, global cyberattack be a wake-up call? It depends.

The companies who will take action following WannaCry will be those who already have a plan, says Aragues. If they had a strategy in mind and only needed a budget, for example, they can now make some real progress. Those who weren't thinking about security before WannaCry will be playing catch-up and fall behind in all they want to accomplish.

Hutchinson urged tech leaders to build stronger relationships with their business teams. You can't create a business-aligned security strategy with lack of expertise and immature programs, she said.

"The way we used to do things doesn't work anymore," Hutchinson explained. "Think outside the box. The most effective moves aren't always the most natural or comfortable."

Organizations should create three lines of defense in their fight against current cyberattacks and new threats on the horizon. She suggested the following:

  • Build a highly trained team: Fight for budgets to attend security-focused events, where your team can learn news and information about threat intelligence.
  • Information risk office and steering team: This division defines and enforces security policies, manages information risk, and oversees industry and regulatory requirements.
  • Internal and external audit team: To ensure all policies and procedures are effective from inside and outside the organization.

How Do I Know If Someone Is Hacking My Computer?

Computer hacks are becoming more and more frequent, with a particular increase over the past year amidst the global coronavirus pandemic.

But how can you tell if your computer has been hacked? 

Here are some of the main signs:

  • Frequent pop-ups. If you start seeing pop-ups in your web browser (and they often appear in sites that don’t usually generate pop-ups) this could indicate that your computer has been infected.
  • Your computer often crashes. Or if it’s not crashing, it’s performing slower than usual. This could be a sign that a malicious virus is lurking in the background and disrupting your machine’s performance.
  • Password changes. Did you receive an email from a bank or other online service asking you to update your password through the link provided? And now you’re suddenly unable to log into the online account? This suggests you may have fallen into a phishing trap, and unintentionally given hackers access.
  • Fake emails are being sent from your account. If a hacker gains access to your email account, they might attempt to send malicious emails to your list of contacts. This doesn’t always mean that your actual computer has been hacked, but if the fake email includes personal details such as your name then it’s possible your system has been infected.
  • Your Google searches are being redirected. This is a common sign that your computer has been hacked. You might frequently be redirected to sites that you didn’t intend to land on.

What to do if you think your computer has been hacked:

  1. Scan your computer with antivirus software – this should detect any viruses or malware infecting your device.
  2. Review all applications and software running on your device. If there are certain apps that you don’t recognise or any that don’t seem legitimate, uninstall them immediately.
  3. Make sure to change all of the passwords for your most important online accounts.
  4. Remove any external drives such as USBs or external hard drives.
  5. If you’re able to, back up your files or add them to Google Drive, and remove your computer’s hard drive. Only do this if you know how to do it correctly.

Malta System can help

If you’re still not sure whether your computer has been hacked, or are not sure how to fix it, Malta System is on hand to assist you every step of the way. Based in Birkirkara’s Business Center, our knowledge and expertise means that we can give you peace of mind, no matter how big or small your IT problem. Get in touch to learn more about our bespoke cyber security services now.

How To Stay Safe Online

Keeping passwords, financial information and personal information safe in a digital world is an increasingly difficult task for both individuals and businesses. Sophisticated cyber attacks are becoming more and more common, with scammers and hackers often targeting vulnerable individuals. So, we’ve put together a list detailing how to stay safe online.

Returning to the Office: a Cyber Security Checklist

It’s been almost six months since lockdown began, and things are slowly getting back to the way they were before the coronavirus pandemic. Many businesses have had their employees working from home since March, but are now encouraging them to return to the office.

If you’re one of the organisations doing just that, you presumably have various measures in place to ensure the health and wellbeing of your staff. But do you have the same measures in place for cyber security?

Cyber security is something that has frequently been overlooked during this pandemic, but it’s important to be aware of the cyber risks associated with a return to the office. To help, we’ve created a checklist of things that can make the transition as smooth as possible, and ensure the safety and security of your network.

1. Organise cyber security training for staff

Before the coronavirus pandemic, policies such as safe disposal of data, keeping files secure and the practice of safely connecting laptops to public networks would have been a regular topic of conversation in the work environment.

Now that employees are returning to work, they will need reminding of the necessary security practices within the office environment. They should be prepared for the new threats that could emerge in the near future, which is why a refresher cyber security awareness course would be beneficial to your staff and your business.

2. Scan and update workers’ devices upon their return

Of course, access to laptops and desktops has enabled a relatively easy switch from office to home for many employees. But whilst working from home, workers who haven’t had to connect to corporate networks through a VPN might not have received the updates that they usually would in the office. This might include the likes of OS, AV, app and GPO updates.

Once those devices reconnect to the workplace network, they could be putting the organisation’s cyber security at risk. But how?

Because of a lack of updates, cybercriminals could be lying dormant on the laptops and desktops that are being used at home. Once these devices reconnect, the cybercriminals could potentially travel through the network and cause damage by releasing viruses and ransomware.

To combat this, we would recommend scanning devices before they reconnect internally, as well as setting up processes that can validate devices returning to the workplace network. 

3. Improve your cyber security practices

There has been a notable increase in the number of cyber attacks during the COVID pandemic, so use this as an opportunity to re-think your cyber security practices and patch up any issues.

Malta System can help you with this. Security measures that we make use of include advanced firewalls, anti-virus software, anti-spam software as well as secure wifi with guest logins.

We also offer bespoke cyber security services, so if you’re looking for advice on operating system updates and reconnecting devices upon your organisation’s return to the office, then we’re on hand to assist you. Get in touch with us today.

About Us

At Malta System we care about customers and the managed IT service we give them, covering every aspect of consultancy, infrastructure design, sourcing, installation and on-going support. We work 365/24 to make it the best we can. Read more…

© Malta System LTD. All Rights Reserved. Vat: MT25228615 - Reg. No: C86361