CCB/U4 Topic 1 Cyber threats in Cloud Computing
- Data breaches. The risk of a data breach is not unique to cloud computing, but it consistently ranks as a top concern for cloud customers.
- Human error. According to Jay Heiser, research vice president at Gartner, “Through 2020, 95% of cloud security failures will be the customer’s fault.”
- Data loss with no backup. An accident or catastrophe can lead to the permanent loss of customer data unless there are measures in place to back up that data.
- Insider threats. A recent research report noted, “53% of organizations surveyed confirmed insider attacks against their organization.”
- DDoS attacks. Distributed denial-of-service attacks pose significant risks to cloud customers and providers, including lengthy service outages, reputational damage, and exposure of customer data.
- Insecure APIs. As the public “front door” to your application, an API is likely to be the initial entry point for attackers. Use pen testing to uncover security weaknesses in the APIs you use.
- The multitenancy nature of the cloud (where customers share computing resources) means shared memory and resources may create new attack surfaces for malicious actors.
- Account hijacking. Using stolen credentials, attackers may gain access to critical areas of cloud computing services, compromising the confidentiality, integrity, and availability of those services.
- Advanced persistent threats. Many advanced persistent threat groups not only target cloud environments but use public cloud services to conduct their attacks.
- Spectre & Meltdown. Attackers can exploit Meltdown to view data on virtual servers hosted on the same hardware, potentially disastrous for cloud computing hosts. Spectre is even worse—harder to exploit, but harder to fix too.