7.1 Description of ThreatOne of the biggest problem that causes this threat is that companies that engage cloud services expect their cloud service provider to take care of their security and they may even have promise of that from their cloud service provider. For this reason, they are putting great trust in the promise that their cloud service provider is addressing their cloud security when that may not actually be the case. Thus, companies are becoming more complacent towards risk clearly because they trust their cloud service provider in addressing their cloud security.
That means it will be easier for attackers to exploit companies’ cloud security vulnerabilities in order to steal resources such as sensitive information that are stored in the cloud.As cloud security are compromised, it can cause consequence such as downtime in the cloud which can have a serious impact on a company’s business as application and services are not available. Another consequence is that security flaws make it challenging for companies to meet industry compliance regulations especially for companies in the finance and healthcare industries. One more consequence is that there is potential loss of data especially for compliance related data such as personal identifiable information which can lead to serious financial and reputation damages for companies.7.
2 Nature of ThreatCloud threats happened in different ways, depending on how the attacker choose to attack. Attackers may do a DDoS attack to disrupt user from accessing their services by finding bugs or vulnerabilities in the cloud implementation. Attackers may also do a DDoS attack to deplete all the resources of the targeted cloud service. With cloud services being disrupted, all the legitimate users will not be able to access their services or applications in the cloud and may cause cloud customer’s business to be disrupted which will lead to serious impact on their business.
Attackers can also do ransomware attack by gaining access to a cloud service provider and typically launch a ransomware attack that can affect every customer using that service. The cloud can be used as a platform to spread malware to other users by sharing of infected files and automatic syncing. For instance, Virlock ransomware particularly targets cloud storage and collaboration platform to allow it to reproduce very quickly through the whole network from a single infected user.When companies become a victim of cloud threat, it will have a strong impact on their businesses and reputation especially if their sensitive customer data is lost and leaked.Cloud service providers will suffer losses should they become a victim of cloud threat and their customers will lose confidence on their service. Their reputation that is built throughout the years might be tarnished in just one cloud attack which is why they must stay vigilant and be aware of this threat.
When cloud consumers become a victim of cloud threat, the attackers can leverage your account credentials to redirect users to illegitimate websites which can cause even more cloud consumers to become a victim of cloud threat. From there attackers can do whatever they want with your sensitive data such as selling it for monetary rewards.7.3 Mitigation of ThreatEven though the threat may have affected many people, but it can still be mitigated in simple ways. Firstly, if you receive any suspicious looking email that contains links or attachments, delete it immediately unless you are absolutely sure it is from trusted source. Secondly, ensure that you update your open source software regularly as updates include patches for newly discovered security vulnerabilities that could be exploited by attackers. Thirdly, make sure that the cloud service you use does backup of your files regularly to ensure you can recover them in case you become a victim of ransomware.
It is also important to conduct security training for staff and educate them with necessary cyber security knowledges in helping to mitigate the cloud threat.In the future, more advanced technology can help both cloud service providers and their customers to protect their assets from attackers. For example, using a more secure authentication system such as multi factor authentication can help to increase the cloud security level as we replaced passwords with it. Behavioural analytics can also help to detect unusual activity in account activities and system administrators can take necessary actions to mitigate the threat.