Malware: securing the cloud against a growing threat

According to Gartner, current corporate cloud adoption rates suggest that "no-cloud" policies will be as rare in 2020 as "no-internet" policies are today. This is largely because the flexibility and efficiency offered by cloud services are simply too beneficial for businesses to ignore.


However, the cloud isn't without its challenges. In light of recent malware attacks, security is one commonly cited area of concern. The interconnected nature of the cloud means that malware can rapidly spread across the devices and apps that house an organisation's data if appropriate security measures aren't in place. Unfortunately, the vast majority of IaaS offerings and SaaS apps lack built-in protection against malware.


As more files and devices become infected, business IT environments quickly become minefields that even the most skilled security experts can struggle to navigate. To succeed in the era of the cloud, organisations must understand how they can defend against these threats.


Three key points of cloud vulnerability


Because the cloud is highly interconnected, failing to secure even one vulnerability can have significant consequences. In particular, malware is sure to strike when the points of weakness below go unprotected.


1) Uploading data from a compromised endpoint: Unmanaged endpoints with access to corporate cloud apps pose a significant threat to the enterprise. Because organisations lack control over these devices, they are unable to enforce regular malware scans. If files are not properly scrutinised when these endpoints upload data to the cloud, infections can easily make their way into organisations' cloud apps.


2) Downloading infected files: Infected files at rest in the cloud are typically the result of the compromised endpoints described above. Without robust threat detection at download, unsuspecting employees may accidentally pull malware from trusted applications onto their corporate and personal devices. Once these endpoints are compromised, using them to upload files to the cloud will further spread the infection.


3) Communication between connected apps: Connected cloud apps can improve organisational productivity. However, their automated communication and data transfers can spread existing infections from one app to another, making them a major point of vulnerability. Unfortunately, most cloud apps lack native, or built-in, malware protection. Because of this, it is likely that many corporate SaaS app instances contain malware that is waiting to spread to connected applications.


A recent Bitglass study found that one in three corporate instances of popular cloud apps contained malware. Additionally, after discovering a new piece of ransomware and performing various tests, Bitglass found that Google Drive, Microsoft SharePoint, and sixty-two of the top anti-virus engines could not detect the zero-day threat. In light of how many companies rely on standard AV tools and built-in cloud app malware protection, these statistics are quite worrying.


The fight against malware begins with education


Like many other business practices, effective cloud security begins with employee education. Careless and ignorant workers put organisations' cyber-security at risk far too often. Fortunately, thorough education can make them far less prone to the kinds of mistakes that allow malware into the corporate network. Because of this, regular cyber-security seminars and workshops should be a mandatory pillar of employee training. In this way, security is kept top of mind and employees are kept up to date with the ever-changing cyber-security landscape.


Top tips for preventing the spread of malware


In addition to ensuring that employees are well educated in cyber-security, there are additional best practices that can help prevent malware from impacting organisations' cloud systems.

·       Keep up to date: Updates to operating systems, plugins, and browsers (across mobile and desktop) often contain critical security patches based on the latest research and testing. Employees must download and install these updates as soon as they become available. Failing to do so can leave security gaps completely exposed.

·       Use more than endpoint security: Any vulnerability, no matter how small, is a target for malware. Organisations leave themselves open to attack when they focus solely on installing threat detection tools on employees' devices. While endpoint security is necessary, it is not sufficient.


Plugging every vulnerability within a cloud-first enterprise can be very challenging. Fortunately, this is where 'smart' malware defence technologies can be incredibly helpful. This technology can monitor for threats and secure the three vulnerabilities mentioned previously – that is, when infected files are uploaded to the cloud, downloaded to devices, or at rest within cloud apps. Machine-learning-based solutions can even detect brand new, zero-day malware by analysing file behaviours and characteristics.

·       Stay vigilant: All employees should constantly be on the lookout for potential threats to corporate security. Whether they are sent by outsiders or fellow employees, emails containing suspicious attachments or links should never be opened and must promptly be reported to IT.


Staying ahead of the threat


As use of the cloud continues to proliferate throughout the business world, organisations need to remain committed to protecting their data. While the overall strategies behind cyber-attacks remain the same, the specific ways that they are executed are continually refined and altered to be more effective. As hackers continue to learn how to improve their attack methods, staying one step ahead of them will become even more challenging.


For example, fileless malware has been growing more prevalent and advanced in recent years. This threat is highly dangerous because it can take control of a system without needing a user to download a malicious file. Instead, it utilises the software and apps that most businesses use every day. As a result, many such threats are almost undetectable to a number of security solutions.


For cyber-criminals, the cloud represents a new frontier in which they can attack businesses through increasingly sophisticated malware. Fortunately for those tasked with defending their organisations, robust cyber-security in our cloud-first world is, in fact, obtainable. Through employee education, strategic cyber-security investments, and constant vigilance, the threat posed by malware can be kept at bay. The biggest mistake businesses can make is to assume that they are safe and become complacent.


Contributed by Anurag Kahol, CTO, Bitglass


*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.