As we make our way through Cybersecurity Awareness Month, Bitdefender is continuing our blog series aimed at providing best practices and expert insights to help people and organizations better protect themselves against online threats. This is the third in a four-part series.
One of the biggest trends impacting cybersecurity in recent years has been the growing use of cloud applications and services by both organizations and individuals. Cloud computing was already growing in popularity when the global pandemic in 2020 dramatically accelerated its adoption. As organizations became more distributed and people began working from home during the pandemic, the use of cloud-based collaboration and data sharing platforms skyrocketed. The analyst firm Gartner predicts that by 2025 more than 95% of new digital workloads will be deployed on cloud-native platforms, up from just 30% in 2021. Likewise, people are increasingly using cloud services in their personal lives, such as iCloud, Google Drive, Gmail, Dropbox and many others for storing and sharing family photos, backing up their personal data, and more.
However, as organizations and consumers move their sensitive data and processes to public clouds, attackers are also shifting their attention there. Due to the sprawling nature of cloud and hybrid work environments, it can be difficult for enterprise security teams to gain real-time visibility into their endpoints. Cybercriminals take advantage of this by exploiting known vulnerabilities and common misconfigurations in public cloud infrastructure to gain access to a larger number of organizations. Bad actors need just one weak link amid an organization’s complex mix of endpoints, connected applications and cloud systems to infiltrate the environment. At the same time, cybercriminals also continue to use tried-and-true methods such as phishing to infiltrate organizations and people’s home networks. According to the 2022 Verizon Data Breach Investigations Report, around 25% of all data breaches involve phishing, usually in the form of an email posing as a trusted source.
To better understand the unique cybersecurity considerations that come with the cloud, and what people and organizations can do to protect themselves, we spoke with Yasser Fuentes, Technical Product Manager, Cloud Workload Security Solutions at Bitdefender.
Q: Tell us a little about your role at Bitdefender and your background in cybersecurity.
As Technical Product Manager for our Cloud Workload Security (CWS) solutions, I work with Bitdefender Labs researchers, conduct my own research, and speak with customers to understand the changing threat landscape, get to know our customers’ needs, explore how the market is evolving, and determine how we can help solve our customers’ business problems.
Throughout my career as a security practitioner, I have had the privilege of working in almost every domain related to information security – from physical security by performing the installation and monitoring of surveillance systems, to working in a global security operations center (SOC), to delivering professional security services for companies, to working as a security analyst, and also as a risk manager.
Q: What trends are you seeing in cybersecurity today?
Companies today are migrating to public clouds in huge numbers, because of the many benefits public clouds can provide. Yet, migration to the cloud also opens an entirely new realm of vulnerabilities and threats. From my own experience in speaking with organizations around the world, the vast majority have experienced some sort of attack or data breach within the past 18 months or more. I fully expect that trend to continue, as cybercriminals are ramping up their attacks on cloud infrastructure.
When it comes to the types of attacks we see, there has been a shift. We used to see a lot of data exfiltration events, where cybercriminals steal data and attempt to make money from it, either by extracting a ransom payment from their victim, or by selling the data on the Dark Web. Today, we are seeing a trend where attackers are targeting containerized cloud infrastructure for crypto-jacking campaigns because of the powerful computing resources these environments provide, and because many organizations don’t have full visibility into their containerized and hybrid infrastructures.
Q: What can organizations do to better protect their cloud and hybrid environments?
It’s important for security practitioners in an organization to recognize that developers and DevOps teams are primarily focused on the speedy delivery of the products or software they create. They are not security experts, and we shouldn’t expect them to be. Most DevOps teams will strive to cover the basics when it comes to making sure their products are secure, but they rarely go beyond simply scanning the containers or assets before deployment. The problem with this approach is that there are unknown vulnerabilities or risks, such as zero-day threats, that will not be caught by this type of scan. If organizations using these cloud services or products are not going beyond and performing their own security due diligence, then they are at risk.
Organizations should also remember that regardless of how secure by design your environment might be, or of the claims of the cloud service provider (CSP), you are ultimately responsible for your data. Migrating your data to a public cloud means accepting a shared responsibility model for security. Regardless of the CSP’s framework or service level agreements, organizations must also do their due diligence. They should use cybersecurity solutions purpose-built for cloud workloads to gain an understanding of where they have weaknesses, vulnerabilities and gaps, then do what it takes to close those gaps and reduce the attack surface.
The most important thing is to assess the environment to which you’re migrating, to ensure that the CSP is doing their part in the shared responsibility model. Look at the cloud environment from the standpoints of governance, risk, and compliance. It’s critically important for organizations to understand the public cloud infrastructure they’re migrating to and what security controls are available to them so they can best secure their data and assets within that infrastructure.
Q: What advice do you have for organizations that are evaluating a cloud workload security solution?
First, consider compatibility and make sure you understand the scope of what you’re trying to protect. For example, is it a 100% native public cloud, or a hybrid infrastructure? Next, consider manageability of the solution. What does it take to manage it, and can you consolidate management into one console? The third aspect to consider is visibility. What capabilities are in place to ensure visibility over the entire infrastructure, and what controls are available to ensure you can properly respond when something suspicious is identified? You want a security solution that provides a balance of effective prevention, detection and response, without hindering performance of the cloud computing power.
Q: In light of Cybersecurity Awareness Month, what advice do you have for individuals or organizations to help them become more cyber resilient?
Whether evaluating cybersecurity solutions for your home and family, or for your organization, it’s important to do your research. Begin by making sure you have a thorough understanding of your environment and the culture of your home or company. For consumers, that means making sure you understand your family’s needs and selecting a solution that fits the most common use cases for your family. If you have children, that might mean making sure you have a security solution with strong parental controls. If you have multiple people in the home with smartphones, it might mean making sure you have a good mobile security solution. For businesses, it’s important to understand the culture of your company and make sure the security solution fits the culture. A security control is only effective if it’s aligned to the users. It doesn’t matter how powerful it is if people won’t use it or will look for ways around it.
Lastly, when doing research, I always recommend that people seek out trusted sources and independent, third-party research to help them evaluate their options. The MITRE Evaluations, AV-TEST and AV-Comparatives are good places to start.