
Cybersecurity in the cloud, vulnerability that threatens the financial sector


Many organizations are adopting cloud services to leverage their benefits, and the adoption of this technology accelerated during the pandemic. It is expected that cloud service consumption will continue to grow significantly in 2022. However, this also brings significant challenges, particularly in cloud cybersecurity, with Mexico ranking third in cyberattacks worldwide.

IT administrators, especially CISOs, are aware of these risks and the concerning position of our country in this ranking. They are taking steps to mitigate the risks associated with this context.

Security considerations when contracting cloud services

  • As a cloud customer, the organization is responsible for the security of its data.
  • Data in the cloud is created, shared, and consumed outside the visible network and managed devices.
  • Without visibility and control over data in the cloud, the risk of data loss incidents and non-compliance increases.
  • Cloud service administrators may have access to confidential information.
  • Authentication mechanisms can be attacked.
  • Traditional malware attacks are evolving to target cloud APIs to launch attacks.
  • Developers can introduce risks through misconfigured IaaS.
  • IaaS is quickly deployed with limited security configuration, leaving data open to the public or vulnerable to attackers.
  • Most organizations have misconfigured IaaS instances.

Top ten sectors most threatened in the cloud

Due to these challenges, companies are allocating more budget to information security, especially cloud data security. Gartner projected that companies spent more than $123 billion on security in 2020, and other analysts like McKinsey estimate that this investment will grow to $101.5 billion by 2025. Cyberattacks are on the rise, with cybercrime becoming an illegal industry comparable to the economies of the world’s leading powers.

Hackers are using increasingly sophisticated technologies like AI (Artificial Intelligence) and Machine Learning to multiply their attacks. CONDUSEF estimated that the recovery cost for ransomware attacks averages $2.3 million.

For example, according to the Trellix October 2021 Advanced Threat Research Report, the sectors most threatened in the cloud in the second quarter of the year were:

  • Financial Services 33%
  • Healthcare Services 13%
  • Manufacturing 9%
  • Retail 9%
  • Professional Services 8%
  • Travel and Hospitality Services 7%
  • Software and Internet 6%
  • Technology 5%
  • Computing and Electronics 4%
  • Non-Profit Organizations 3%

The Financial Services sector tops the list, being the most affected by cloud incidents, and more risks are anticipated not just for this sector but in general.

Some evolving risks include:

  • Misconfiguration of APIs
  • Exploitation of modern authentication mechanisms
  • Evolution of traditional malware attacks to increasingly use cloud APIs
  • Misuse of APIs to launch attacks on company data

By 2023, at least 99% of cloud security failures will be the customer’s fault.

– Gartner Magic Quadrant

Security solutions to protect cloud information

As cyberattacks have evolved, so have the companies offering cybersecurity solutions, helping organizations minimize cloud attack risks.

Two security solutions that will help protect your data are:

  1. Cloud Access Security Brokers (CASB)
  2. Data Loss Prevention (DLP)

1. Cloud Access Security Brokers (CASB)

CASB, or Cloud Access Security Brokers, are security policy enforcement points located between cloud consumers and cloud service providers. They combine and enforce enterprise security policies as cloud resources are accessed.

Examples of these security policies include authentication, single sign-on, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerts, and malware detection and prevention.

CASB functions

Many CASB security functions are unique compared to those offered by other security controls, such as web application firewalls and secure web gateways, and can include:

  • Data loss prevention and threat protection
  • Cloud governance and risk assessment
  • Control over native cloud service functions, such as collaboration and sharing
  • Control of admin and user actions
  • User and entity behavior analytics (UEBA)
  • Configuration auditing
  • Malware detection
  • Data encryption and key management
  • SSO and IAM integration
  • Contextual access control

CASB’s foundational pillars

CASB began as a response to “Shadow IT” but has evolved to include functionalities that protect against modern cyberattacks. The core components that any CASB solution must have are based on four foundational pillars:

  • Visibility
  • Compliance
  • Data security
  • Threat protection

2. Data Loss Prevention (DLP)

DLP, or Data Loss Prevention, is a set of technologies and inspection techniques used to classify the information content within an object, such as a file, email, packet, application, or data store, while it is at rest (stored), in use (during an operation), or in transit (across a network).

These tools also have the ability to dynamically apply a policy, such as logging, reporting, classifying, relocating, tagging, encrypting, and/or applying enterprise data rights management protections.

Main Functions

DLP protects against data leakage by identifying and safeguarding data both inside and outside the network.

DLP includes functions such as:

  • Scanning data in motion, use, and at rest
  • Identifying data that requires protection
  • Executing corrective actions: alerting, requests, quarantining, blocking, and encryption
  • Device control
  • USB device encryption
  • Integration with proxy servers for web traffic protection
  • Generating reports for compliance, auditing, forensic analysis, etc.
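
The classify-then-apply-policy flow described above, as an added example (not from the article or from any DLP product): it detects payment card numbers with a pattern plus a Luhn checksum and picks a corrective action by data state. The policy table, labels and sample texts are constructed assumptions.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Assumed policy: corrective action per data state when card data is found.
POLICY = {"at_rest": "encrypt", "in_use": "alert", "in_transit": "block"}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text: str) -> list:
    """Return the digit strings in text that pass both pattern and checksum."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def mask(card: str) -> str:
    """Keep only the last four digits so reports do not leak the data again."""
    return "*" * (len(card) - 4) + card[-4:]


def inspect(content: str, state: str) -> dict:
    """Classify one object and choose the action for its data state."""
    cards = find_cards(content)
    if not cards:
        return {"label": "public", "action": "log", "evidence": []}
    return {"label": "confidential", "action": POLICY[state],
            "evidence": [mask(c) for c in cards]}


# Constructed samples: a well-known test card number and a look-alike order reference.
EMAIL = "Please charge card 4111 1111 1111 1111, exp 12/27."
NOTE = "Order ref 1234 5678 9012 3456 shipped."

if __name__ == "__main__":
    print(inspect(EMAIL, "in_transit"))
    print(inspect(NOTE, "at_rest"))
```

The checksum step is what keeps the order reference from being flagged: it matches the digit pattern but fails Luhn, so it is only logged.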

The ongoing challenges of cloud cybersecurity

As organizations continue migrating services to the cloud, keeping those environments secure, even when they are outside the visibility of on-premises security controls, will represent a significant challenge. This will increasingly be associated with IT compliance requirements, cybersecurity policies, and regulations surrounding information security.

Companies must protect their data while allowing their employees to continue accessing cloud services without posing a risk to the organization.

In the end, all business areas, particularly IT and Security, seek:

  • The ability to transform the business through cloud adoption with visibility and control over all their data.
  • Control over the access, sharing, and storage of data in the cloud to avoid leakage risks.
  • Detecting and stopping internal and external malware-based threats to their cloud data and applications.

Are you interested in learning more about cloud cybersecurity tools that can help protect your data?

At icorp, we can help. We offer various solutions to build a comprehensive cybersecurity strategy. Contact us for more information.

This article has been translated using AI and may include errors.

Juan Carlos Ruiz

Electronics engineer, responsible for the operation and delivery of IT services for more than 10 years. He has been responsible for the Service Management System and has served as ISO 20000 process manager. He currently holds the position of IT Solutions Manager.