Hacktivism is one of the single biggest threats to cloud adoption. Verizon’s latest annual Data Breach Investigations Report looked at 855 data breaches in 2011 and reported that 3 percent of the breaches could be attributed to hacktivists. The number may appear insignificant and may not elicit stress from CIOs. However, the fact that 56 percent of all user data involved in the breaches (100 million user records of the total 174 million) was a result of that 3 percent may be strong reason for worry.
Hacktivism is largely the work of groups with political or social motivation to break into computer systems and networks. Hacktivists use a variety of means to deface, block or bring down websites, launch denial-of-service (DoS) attacks, and steal, delete or alter user information (passwords, credit card data, enterprise data, etc.).
A July 2012 report in USA Today said that such attacks grew by almost 70 percent in the first six months of 2012 versus the same period in 2011. Add to this the fact that cloud infrastructure could well be more porous than what is within the walls of your enterprise, and you will know the degree of risk you are exposed to. Often, cloud services are shared between users, creating what is popularly known as shared technology vulnerability. Cloud providers expose APIs and software interfaces to customers, and these could prove to be security holes. And cloud services could be located in geographies that have poor security norms and very little legislation to protect organizations from the risk of a breach. All said and done, cloud environments require greater security attention.
The question that begs an answer is: what are the key measures and responses to have in place to mitigate the risk of an attack and its subsequent outcome on your cloud infrastructure?
Securing your data and applications — and indeed, your very business — in a cloud environment is not complex. It requires planning, execution and preparedness to address the challenge.
Top 10 Fundamental Anti-Hack Measures
- Do not move into a public or hybrid cloud environment any data or applications that, if compromised, could put your core business at risk or cause reputational damage
- Encrypt all sensitive data in a cloud environment
- Build in redundancies to ensure zero downtime from malicious attacks
- Identify the cloud systems and services that are at risk from hacktivists and build continuous security monitoring and prevention around the systems and networks
- Ensure stronger authentication and access control for cloud infrastructure
- Ensure that your cloud provider separates and isolates your resources from those of other customers
- Examine and address the API dependencies
- Create secure backups for all critical data and applications
- Create a security group comprising legal, risk management, HR, Public Relations and IT that regularly reviews new threats from hacktivists and builds methods to mitigate the risk
- Take regular vulnerability audits seriously
Having said this, virtual and physical security of the provider’s entire infrastructure (not just the measures you deploy for your own infrastructure as stated in the 10 points above) is equally important. Have you visited the cloud provider’s infrastructure? Or, at the very minimum, have you asked for — and thoroughly examined — the security policies and protocols your provider has in place? Take a look at some of these pointers to help you along:
- Personnel, employee, visitor, third-party maintenance and provider management: What policies and protocols are in place to manage the screening and monitoring of personnel at the facility?
- Virtual Access Control: What are the policies and protocols that determine access to the provider’s virtual infrastructure (storage, virtualized infrastructure and network)?
- Physical Security Management: What are the policies and protocols in place to ensure physical security of the infrastructure?
Finally, don’t hesitate to ask that sticky question: What are the breaches the provider has had in the past and how were they handled?
That said, it is always better to be prepared for security breaches. In the event of a hacktivist attack on your cloud infrastructure, be prepared with strong and open communication aimed at those affected by the breach. A well-prepared PR department could help mitigate reputational damage in the marketplace, with customers, partners, stakeholders and employees.
Obviously the IT and PR teams need to work closely. This is a new equation that needs to be built within organizations that have traditionally never had to have the PR team deal with the IT team to understand IT security nuances and their implications. Conversely, IT teams need to be sensitized to the PR requirements.
The new collaboration required could put some stress on organizational systems. But these are the imperatives of building and running modern enterprises that must be appreciated and put in place quickly.