Miscreants sure do love ransacking cloud networks, more so than before As enterprises around the world continue to move to the cloud, cybercriminals are following right behind them. There was a 48 percent year-over-year jump in 2022 in cyberattacks on cloud-based networks, and it comes at a time when 98 percent of global organizations use cloud services, or at least that's what Check Point …
"You think we would have taken the lessons learned and then moved them to the cloud". Yes, of course! Beancounters are always happy to throw money in cybersecurity, aren't they? It isn't as they asked to move everything in the cloud because they thought it would be less expensive. I also love the sentence that one should 'avoid misconfigurations', because IT has always the competent resources in sufficient number and all the time required to do things right. I would have another advice: bad people shouldn't do bad things, because it's bad you know.
Makes no difference where you put your data, if you're clueless about security you could put it on a USB drive, bury it in concrete and drop it in the ocean, you'd still get pwned if that data is valuable enough to warrant the effort!
...clueless about security... -- Yep. Or worse, wilfully ignorant. I say worse, but same effect.
When I discuss ICT security with non-techies, I often use an analogy of a person's home, and the locks on the doors (I'm sure I'm not alone here). You want authorised people to gain access while preventing access to the undesired. Adding a lock to a door but not using it does SFA. You can put the house on the Moon, but those that can escape Earth's gravity can still kick a door in. (That's a new bit, for air-gapping! Vacuum-gapping?)
The point is that systems designed to allow access do that: they allow access. Application of restrictions are initially theoretical, with the defenders often playing catch-up after the rapscallions breech. So it follows that sticking valuable data on a global network must be deemed highly risky. And mission critical stuff should just be a "no" no-brainer. The old "horses for courses".
Even for those that suggest encryption is strong enough to mitigate the threat, which on-paper-in-a-perfect-world I agree with, it still relies on being implemented and utilised correctly, and with no zero days in just the wrong place. Do you wanna bet your love spuds on that?
More like "Let's put our mission critical, confidential, proprietary data out on a cloud service that can be securely and effectivelt pretected and NOT DO THAT!"
99.99999% of all cloud server data lose is directly attributable to the person/company that owns the data not using the phacilities available to secure that data.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
