Up in the air: How to protect against cloud account hijacking

Awareness of the risks that come with cloud computing is essential for any business that utilises it says Luke Brown.

 Luke Brown, VP & GM EMEA, India and Latam, Digital Guardian
Luke Brown, VP & GM EMEA, India and Latam, Digital Guardian

While cloud computing carries with it a wealth of benefits to organisations, from reduced capital costs to on-demand resources, it also creates an environment ripe for cyber-attack. Most cloud storage providers house huge amounts of data in one centralised location. This allows multiple users to access it across a wide variety of devices, which is great for business efficiency. However, being aware of the risks this kind of infrastructure brings is also essential for any business that utilises this king of cloud technology.

What is a cloud hijacking?

Cloud account hijacking occurs when an individual or organisation's cloud account is accessed without permission by a third party. This kind of attack is a common tactic in identity theft schemes, where the attacker uses the stolen account information to conduct malicious activity. However, modern cloud hackers don't even need a username or password. Instead, the attacker can gain access to the cloud account's authentication token through a malicious attachment in an email, online advertisement or browser extension. Once in, they can impersonate the account's real owner whilst simultaneously stealing sensitive information, spreading malicious software and redirecting clients to illegitimate sites.

What are the risks?

Cloud account hijacking at the enterprise level can be particularly devastating, depending on what the attackers do with the information. Company integrity and reputations can be destroyed, and confidential data can be leaked or falsified, causing significant cost to businesses or their customers. Legal implications are also possible for companies and organisations in highly regulated industries, such as healthcare, particularly if confidential client or patient data is exposed.

How can businesses protect their cloud accounts?

There are simple, effective steps businesses and organisations can take to keep their data secure on the cloud. Security conscious professionals should:

  • Check with service providers to make sure they have conducted background checks on employees who have physical access to the servers in their data centres.
  • Have a strong method of authentication for cloud app users.
  • Make sure all data is securely backed up in the event that data is lost in the cloud.
  • Restrict the IP addresses allowed to access cloud applications. Some cloud apps provide tools to specify allowable IP ranges, forcing users to access the application only through corporate networks or VPNs.
  • Require multi-factor authentication. Several tools exist that require users to enter static passwords as well as dynamic one-time passwords, which can be delivered via SMS, hardware tokens, biometrics, or other schemes.
  • Encrypt sensitive data before it goes to the cloud.
  • Implement more secure solutions for cloud account hijacking defence

Businesses should also take proactive steps when choosing cloud service providers. One such step is to carefully review potential contracts and compare the cloud security and data-integrity systems of cloud service providers. Companies should also take a data-driven approach when evaluating potential cloud service providers, including considering the number of data loss or interference incidents a cloud service has experienced. It is prudent to know how often the cloud service provider experiences downtime and how the service provider monitors and manages vulnerabilities. Companies should choose cloud service providers that allow clients to audit the providers' performance in these areas.

Security platforms that extend to the cloud and mobile will further bolster security. Companies should look out for platform capabilities such as end-to-end encryption, application control and continuous data monitoring. Furthermore, the ability to control or block risky data activity based on behavioural and contextual factors involving the user, event, and data access type will add further security layers.

As the threat of cloud account hijacking grows, a data-aware approach becomes more important than ever. Enabling organisations to effectively manage cloud security risks, while capitalising on the benefits offered by cloud computing will create a stronger and more secure business model for the future.

Contributed by Luke Brown, VP & GM EMEA, India and Latam, Digital Guardian