Authors: Hana Dervisholli and Temi Ogunkanmi.
We have seen an increase in the size, scale and impact of cyber-attacks and data breaches. Incidents have grown rapidly, particularly as cyber criminals have experienced increasing success through ransomware attacks. The probability of being attacked has drastically increased, putting pressure on CIOs, CISOs and wider security teams.
How do you manage this ever-growing threat? As an experienced security leader, you are expected to keep your organisation and information secure. In practice, the defences and processes deployed are now insufficient for the scale and complexity of modern attacks. The variety of security solutions available makes it difficult to understand and select which is appropriate for your organisation. There is also internal scrutiny and pressure over which solutions to procure, what recommendations to consider and the associated risk implications.
Many clients that we work with have engaged with Gemserv after experiencing a data breach or falling victim to a coordinated attack. They all had an impressive tech stack, clear processes, policies, and alignment with core security requirements. But where did they go wrong? In most cases, the breach was related to data transits and integrations within the cloud, whether it was at a point where a deployment was misconfigured or at a stage where legacy and new systems were feeding into the cloud.
Cloud breaches
An IBM report published in July 2021 showed that those who had a hybrid cloud approach had lower data breach costs ($3.61 million) than those who had a primarily public or private cloud approach. However, on the other side of the coin, cloud-related breaches are increasing in scope. Consider Russia’s hacking success with the widespread Sunburst Cyber Espionage Campaign, which demonstrated just how vulnerable the cloud can be if risks and vulnerabilities are not properly managed. In our experience, clients who had best practice security controls in place had lower breach costs and could withstand the spread of an attack. They had an effective defence in depth strategy, where their critical assets were all adequately identified and protected.
Most companies that we work with mention that they employ a defence in depth strategy, but in nearly all cases, there are numerous critical assets that most of us fail to consider or prioritise for micro-segmentation. An increase in your cloud adoption and tech stack increases the potential entry points for vulnerabilities, meaning all stakeholders are swimming in uncharted waters, while being heavily reliant on and interconnected with third parties. Cloud deployed workloads must be carefully configured to ensure they are not unnecessarily exposed to the internet and to more threats. The interconnectivity with and reliance on third parties is difficult to keep track of, and if the supply chain is not managed appropriately, it leaves businesses with several potential attack surfaces exposed.
Why are we seeing more exploits than ever before?
Defence in depth strategies need to be embedded into an organisation. This begins with identification and categorisation of risks and assets and relies on a balance between investment in Governance, Risk Management, Prevention, Protection, Detection and Resilience controls. However, the effort that is needed to facilitate and coordinate the activities required is often greater than the company can resource. With such a gap, some companies rely on cyber insurance; however, the premiums are extremely high, and you may find that the terms don’t provide as much security as originally hoped for. The cyber security insurance market is relatively new and could be unsustainable in the future, due to low levels of past data for predictions and ransom values booming higher than ever before. IBM also detail that ransoms increased to $4.24 million on average, the highest number in the 17-year report history.
As a security professional, you need to take a step back and re-examine your entire ecosystem to identify where the current gaps are, particularly with recent cloud deployments. The most common attack vector remains phishing and credential exploits, which emphasises the need to mitigate the threat to colleagues within your organisation. Cyber security training and staff awareness are parts of a defence in depth approach that are often neglected but are key to mitigating social engineering threats that can result in a credential leak and the hacker gaining administrative access to your system or network.
Cloud Security Assessment
We have been working with high-security defence, public and private organisations for over 20 years, with over 50 consultants who work with the latest technology to secure our clients’ ecosystems and manage risks with third parties. We work with clients on technology integrations, cyber security and data protection best-practice strategy and implementation, training and awareness, and penetration testing to help mitigate the various cyber risks. We also conduct risk assessments of the wider IT ecosystem and, more importantly than ever, Cloud Security Assessments, to provide a comprehensive report and remediation plan.
Using the Cloud Security Assessment, we can help you to identify vulnerabilities and further secure your infrastructure, utilising a zero-trust defence in depth framework and strategy that has been implemented with high-stakes organisations across the UK.
Get in touch with us to find out more: cloudsecurity@gemserv.com