The Alert Logic 2015 Cloud Security Report found that there is a wide divergence of threats by industry, hackers view cloud targets as easier prey, and more.
What do hackers want to steal from your company, and how will they attempt it? That depends on the kinds of data you have, and how you primarily transact your business: online or face-to-face.
Alert Logic explains in its 2015 Cloud Security Report that cyberattackers are changing their tactics based on industry. An online retailer or financial services firm will more likely face attacks on its external web apps with customer credit card information as the target, whereas an oil company or a manufacturer with minimal online presence can expect to deal with more traditional hacking methods focused on proprietary data.
Also in the report, Alert Logic notes an increase in cyberattacks on cloud environments due to the popularity of public cloud solutions, and recommends two main approaches for protecting your firm's IT environment, which I discuss below.
Alert Logic provides security solutions for on-premises, cloud, and hybrid infrastructures. The Texas-headquartered firm built up the data for the report from its customer base, analyzing over 800,000 security incidents in 2014, from more than 3,000 organizations around the world.
Cloud vs. on-premise
No surprise here: in 2014, more enterprises migrated their infrastructure to the cloud, and cyberattackers have taken note. Alert Logic reports that hackers view cloud targets as easier prey, and the authors believe that to a certain extent, the hackers are correct.
Some enterprises have the false notion that cloud infrastructure (IaaS) providers fully take care of security concerns — they don't. Alert Logic recommends the "shared security" model: knowing where IaaS security measures end and where your firm has to place its own defenses.
Cyberattacks on cloud environments grew significantly over the previous year, while the number of attacks against on-premise infrastructure stayed "relatively flat." The growth figures for 2014 cloud attack methods are:
Alert Logic recommends these two ways to enhance your firm's cloud security.
- Know the shared security model: Cloud providers, such as Amazon Web Services (AWS), typically have security controls that include physical, perimeter network and hypervisor layer. IaaS customers need to secure their own applications, data, and network infrastructure that are located in that external cloud environment. Your IT security plan under the shared model has to include technology, information, people, and processes.
- Understand your threat profile: Your industry, degree of online interactions, the applications you run, and the kinds of data you own will determine the types of attacks that hackers will initiate against your enterprise. Knowing that and your compliance requirements will drive the kinds of security solutions that you need to focus on.
The authors caution that on-premise attacks have not stopped — there is just more effort being put into compromising cloud environments. The "relatively flat" trend comes as no surprise to Alert Logic: hackers have experience penetrating on-premise infrastructures and will keep using what they consider to be effective methods.
And since on-premise environments will not disappear in the near future, Alert Logic issues this warning:
... it is important that organizations continue to invest in their security framework for all of their physical data centers, applications, and mission-critical infrastructure.
The report authors stress that successful attacks on internal, on-premise applications can give hackers the "keys to the kingdom," i.e., user credentials. With these, "the attacker has unfettered access to an organization's application and the valuable data it can access," resulting in information theft over a considerable period of time, and, quite possibly, damage to a company's reputation.
Divergence by industry
The main takeaway of the report is the "even wider divergence of threats" when Alert Logic reviewed cybersecurity incidents by industry. Alert Logic found that the biggest factors determining attack vectors are a company's online presence and how it interacts with its customers. In addition, they concluded that the amount of online interaction was an even more significant factor than a firm's IT environment.
The report's authors use the example of an e-commerce company compared to a heavy equipment manufacturer. The e-commerce company needs multiple pathways for customer interactions via mobile devices, and also processes numerous customer transactions each day, all of which makes it a target for hackers seeking credit card data.
The equipment manufacturer has fewer online interactions, and its sales are based mainly on formal, in-person meetings. There is little of value for hackers to steal in its customer-facing applications — the real "gold" for cyberattackers is its proprietary data, such as confidential product designs and financial information. Hackers would take the company's internal data and try to sell it to the manufacturer's competition.
Alert Logic sums up this industry difference trend by writing that:
Businesses with a large volume of online customer interactions are targets for web application attacks to gain access to customer data. Businesses with few online customer interactions are more likely to be targeted for their proprietary company data, not their customer data.
For more details, download the Alert Logic 2015 Cloud Security Report.