Q&A: Cloud security requires a proactive approach

We recently spoke to David Thompson, Senior Director of Product Management at LightCyber, about what businesses need to be aware of in the world of cloud security.

1. What's the current state of play for cloud security?

As an infrastructure, cloud may be potentially more secure than what companies are able to achieve in their own self-run data centres. At the same time, a public cloud data centre offers a number of places for a network intruder to hide and orchestrate a data breach or some other malicious activity. 

These hiding places gives attackers additional means to gain access to networks and customer assets or avenues to exfiltrate data or communicate back to cybercriminals. In addition, the reconnaissance and lateral movement that are part of an attack leading up to a data breach have been hidden in the cloud.

2. What types of attacks do companies need to be most aware of?

Any company or organisation with customer data, confidential information, intellectual property or other valuable assets needs to protect those things. The reality is that a motivated attacker can break into any network and gain control over any data centre, whether it is on-premise, private cloud or public cloud. 

While prevention is still essential it is not at all possible to successfully deflect every attacker. The new security imperative is to be able to detect an attacker by their operational activities as soon as possible. If done quickly and accurately, an attack can be curtailed and a data breach prevented. Insider attacks and external attacks are similar. Once an attacker gains control of a user account or machine, they essentially become an insider.

Whether the goal is theft or damage, attackers still need to conduct some form or process of reconnaissance and lateral movement to gain control of assets.

3. Are there any trends you're seeing regarding certain industries of geographies being targeted more than others?

Healthcare is a big target, but there is also quite a lot of intellectual property theft, and most of it goes unreported. Cybercrime is an equal opportunity offender. All industries are potential targets. The fact is that less than one per cent of large and medium-sized businesses have the ability to find an active attacker on their network.

The industry average for dwell time, or the amount of time an attacker can stay undiscovered, is about five months. While there have not been many reported attacks using a public cloud data centre, the blind spots there increase an intruder’s likelihood for success.

4. From a security point of view, what are the benefits of choosing public cloud over private?

From a security perspective, you have experts managing infrastructure in a way that typically has more focus and sophistication than what is generally achieved in private. So the infrastructure itself potentially offers a higher level of security. At the same time, the public cloud data centre extends the attack surface and avails an intruder with blind spots from which they can work unobserved.

5. How important is it for companies to take a proactive approach to cloud security?

If you are not proactive about security, you will be a victim and face the consequences of your loss. The odds are quite good that, if you have valuable assets on your network, you will be attacked. At some point, companies will face greater penalties and legal judgements if they fail to employ basic procedures and use widely available solutions in the ability to find an active attacker before damage can occur.

For many companies and organisations, a data breach or damage to assets could put them out of business through the direct costs, as well as the loss of customers and damage to brand.

6. What basic steps should companies be taking to help keep their data secure?

Employ the best preventative security and combine it with the ability to detect attackers. In other words, use the best solutions and practices to keep intruders out, but have realistic expectations that an attacker could gain access to your network - and be prepared with behavioural attack detection.

Image Credit: Everything Possible / Shutterstock