InsiderSecurity

4 Tips for improving cloud security

Cloud security protects critical applications and data from attacks and unauthorized access. It is especially important since at least 50% of data worldwide is stored and processed in the cloud, and 60% of enterprises have implemented multi-cloud infrastructure. The increased reliance on cloud solutions to manage data, enable remote working, scale business operations, and provide instant network resources has given attackers numerous incentives for targeting cloud services. According to a 2022 security report, 27% of organizations suffered a cloud security breach, with misconfigurations and poor data security practices contributing to 23% and 15% of the attacks, respectively. Here are the top four practices for enhancing cloud security.

1.    Strengthen the security configuration

Many companies are turning to multi-cloud infrastructure to drive business operations. A recent survey found that more than 30% have at least three cloud computing providers and the increasing complexities introduce security concerns due to misconfigurations. Misconfiguration is one of the largest cloud computing security threats, but strengthening cloud security configuration can improve cloud security.

Firstly, adopt effective user management procedures. User management is the ability to manage devices, networks, systems, and users that can access and use cloud services. It is a core part of cloud IAM (Identity and Access Management), which involves defining the users who can access cloud resources. Users and devices should only be given the minimum level of access required for their work, so as to protect cloud data and applications from unauthorized access and misuse.

Verify the access permissions of cloud data, files, and assets. Performing security audits can identify users with unnecessary permissions that heighten security risks and assets exposed to public access. For example, in 2021, a cyber-analytics firm exposed five billion personal records after allowing public access to a database without password or encryption protection. Verifying the access permissions can prevent such incidents from occurring.

Also, enable multi-factor authentication (MFA) for all cloud accounts, since 61% of breaches involve compromised credentials. Additionally, use a whitelist of devices, users, and regions that can access your cloud environment to reduce the possibility of an attack. Finally, it is important to check that cloud applications installed by users into their cloud accounts are not being exploited by third parties to attack the organisation.
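The checks from this tip (publicly exposed assets, missing MFA, permissions nobody uses) can be run as one review over an access inventory. This is an added example, not InsiderSecurity's code; the inventory, its field names, the severity ranking and the 90-day idle threshold are assumptions.

```python
from datetime import date

# Constructed inventory; names and fields are hypothetical, not a provider schema.
RESOURCES = {
    "hr-records": {"public": False, "encrypted": True},
    "billing-db": {"public": True, "encrypted": False},
}
USERS = {"alice": {"mfa": True}, "bob": {"mfa": False}, "carol": {"mfa": True}}
GRANTS = [  # (user, resource, permission, date last used or None)
    ("alice", "hr-records", "read", date(2024, 5, 28)),
    ("alice", "hr-records", "delete", None),
    ("bob", "billing-db", "admin", date(2023, 11, 2)),
    ("carol", "billing-db", "read", date(2024, 5, 30)),
]
SEVERITY = {"critical": 0, "high": 1, "medium": 2}


def audit(resources, users, grants, today, max_idle_days=90):
    """Return (severity, subject, finding) tuples, most severe first."""
    findings = []
    for name, cfg in resources.items():
        if cfg["public"]:
            # Public and unencrypted is the worst case the article describes.
            sev = "high" if cfg["encrypted"] else "critical"
            findings.append((sev, name, "publicly accessible"))
    for user, cfg in users.items():
        if not cfg["mfa"]:
            findings.append(("high", user, "MFA not enabled"))
    for user, resource, perm, last_used in grants:
        subject = f"{user} on {resource}"
        if last_used is None:
            findings.append(("medium", subject, f"'{perm}' never used"))
        elif (today - last_used).days > max_idle_days:
            idle = (today - last_used).days
            findings.append(("medium", subject, f"'{perm}' unused for {idle} days"))
    return sorted(findings, key=lambda f: (SEVERITY[f[0]], f[1]))


if __name__ == "__main__":
    for severity, subject, finding in audit(RESOURCES, USERS, GRANTS, date(2024, 6, 1)):
        print(f"{severity:8} {subject:22} {finding}")
```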

2.    Monitor your user logs

Most cloud providers provide audit logs for user activities. The audit logs record activities performed in the cloud environment. These include configuration changes, provision of new cloud resources, and the user accounts involved in the activities. Monitoring these user activity logs is key to early detection of cloud breaches. For example, continuous cloud monitoring can identify suspicious data access, such as accessing data at odd hours and unusual downloads of data. User activity logs can also reveal suspicious logins. For example, multiple login attempts from different devices spread across different locations may be due to compromised credentials. Monitoring of privileged user activities can identify suspicious behaviors which may result in a data breach, such as sharing cloud resources with external parties and the sudden creation of mailbox forwarding rules.

3.    Encrypt your cloud data

A 2021 study drawing on at least 2,600 security and IT experts found that a surprising 83% of businesses do not encrypt half of their crucial cloud data. At the same time, 24% of organizations store all their data and workloads in the cloud. Cloud data encryption transforms data from a readable text format to a scrambled format that can’t be read without the decryption key.

Enabling encryption by default in the cloud environment encrypts data at rest and in transit, thus protecting it from malicious actions even if it falls into the wrong hands.

For additional protection, you can consider separately encrypting data before storing or transferring it to the cloud, so as to prevent access or modification by unauthorized users (however this may or may not be feasible, depending on how the cloud data is to be used).

4.    Provide anti-Phishing training for employees regularly

51% of companies blame phishing for compromised cloud credentials. Phishers trick users into clicking malicious links that lead to spoofed websites and reveal login credentials. For example, an attacker may pose as an IT security staff in an organization and target employees with phishing emails requiring them to address some issues with their cloud accounts. Untrained employees often fall for this trap and reveal their login credentials.

Anti-phishing training is an essential practice for strengthening cloud security. Anti-phishing education trains employees on how to identify phishing emails. It also trains them on how to report such messages to security staff for further investigation. By understanding how phishing works, employees can avoid falling victim, which leads to enhanced cloud computing security.

Summary

Cloud security incidents will continue increasing as more users adopt cloud services. Strengthening security configurations should include adopting effective user management practices such as IAM. Verifying access permissions helps to identify users with excessive permissions and to identify publicly exposed data. Enabling MFA can protect your cloud environment from unauthorized access via compromised credentials. Continuous monitoring of cloud user logs is key for early detection of cloud breaches. Monitor user logs to identify suspicious data access, suspicious login patterns, and anomalous behaviors that can result in a serious data breach. It helps to encrypt cloud data at rest and in transit to protect against unauthorized modification and access. Lastly, it is a good idea to train employees to identify and respond to phishing attacks.

How can InsiderSecurity help?

InsiderSecurity CSM (Cloud Security Monitor) provides automated monitoring of cloud user logs. It is a simple-to-use SaaS for enterprises to monitor their data security in Microsoft 365.

With its award-winning automated cybersecurity analytics and machine-learning, InsiderSecurity CSM makes sense of the high volume of Microsoft 365 activity events, so that you do not have to. It provides an easy way to monitor your Microsoft 365 data security. CSM discovers insider threats, compromised accounts, and suspicious data access. It can also discover documents shared with the public by accident.

What is cloud security? 

The Covid-19 pandemic helped increase the pace of what was already a steady transition to cloud services. The shift to remote work pushed companies to adopt cloud infrastructure. The increased adoption of cloud services comes with a need for increased Cloud Security.

Organisations in Singapore are lagging behind when it comes to cybersecurity, with only 49% able to respond to threats within a day. This is compared to the global average of 70% across 11 markets. In the past year, 65% of organisations in Singapore have experienced at least six cybersecurity incidents and for 45% of organisations, the cloud application or infrastructure is the source of the breach.

The cloud is as secure as any on-premises IT, provided a robust cybersecurity strategy is in place. And therein lies the problem:  Many companies have a cybersecurity strategy which caters for on-premises IT, but not yet for cloud services.

Understanding the problem is usually half the solution. Albert Einstein, one of the greatest minds that ever lived, once said, “Given one hour to save the world, I would spend 55 minutes defining the problem and 5 minutes finding the solution.”

So, let’s understand a few common security threats that can be challenges specific to the cloud.

Cloud Security Common Threats and Challenges: 

  • Misconfigurations: A recent study by the National Security Agency (NSA) has revealed that cloud data misconfiguration is the most common vulnerability in cloud-based systems. It occurs due to a lack of knowledge about good cloud security practices. When cloud systems are not configured correctly, they lead to cyber exposures and security breaches. Insecure Identity and Access Management (IAM), insecure data storage, and insecure authentication practices are the most common culprits.
  • Internal threats: Insider threats are particularly dangerous as these threats originate from within your organization. These threats could be due to negligence, credential theft, or someone with criminal intent. In the latter’s case, they could be current or former employees, contractors, or business partners. The Ponemon Institute has categorized Insider threats into 4 categories:
    1. The Pawn: These are employees who are unaware that they are manipulated into performing malicious activities.
    2. The Goof: These users are ignorant about security policies and actively try to bypass them. They tend to leave critical data and resources unsecured.
    3. The Collaborator: These are the insiders who collaborate with external threats, typically for personal or financial gain.
    4. The Lone wolf: These are individuals that act alone for personal gain. They can be extremely dangerous if they have elevated levels of IT privilege.
  • Account hijacking: Account hijacking occurs when a cybercriminal manages to gain control of an employee’s cloud account. This can be achieved using a variety of techniques, e.g., phishing attacks, brute-force password attacks, server-side request forgery (SSRF) attacks, or malware. Account hijacking can be particularly dangerous if the hacked account has privileged access, for example, that of a system or database administrator. More sophisticated cybercriminals can even install backdoors that will allow them to access these accounts anytime.
  • Lack of visibility and tracking: As you use more cloud services, the size of your infrastructure grows. In such instances, it’s easy to lose track of or forget about the various services. A major issue is a lack of visibility of cloud infrastructure, which can delay response to threats and result in a data breach. Managers, sysadmins, and DevOps teams must take a proactive approach to security in such instances.

How To Secure Your Data Hosted on the Cloud? 

Data hosted on the cloud can be secured by adopting a comprehensive cybersecurity strategy that addresses the vulnerabilities specific to the cloud. A few good practices to follow are:

  • Strengthen Identity and Access Management (IAM): When it comes to IAM, it’s best to adopt the principle of least privilege. This means limiting each user’s access privileges to the cloud resources needed to do their work. It is also good practice to frequently review access privileges for users.
  • Monitor for suspicious activities: A sound cloud cybersecurity strategy should also focus on user activity monitoring. Various factors, such as abnormal changes in database activity, suspicious access patterns, and modifications to files, can all indicate a potential cyberattack or data breach. There may be an attacker who has gained access to legitimate credentials and is actively exploiting the credentials to gain unauthorized access to your cloud infrastructure. You may uncover suspicious behaviour, such as user access at odd hours, multiple failed login attempts, and suspicious administrator activities. Security measures to detect such suspicious user activity early will protect your organisation’s data and prevent major data loss in the cloud.
  • Track and maintain Cloud inventory: Cybersecurity professionals should comprehensively review their organization’s cloud infrastructure to identify potential risks, such as shadow IT. Shadow IT is a term used to describe unauthorized applications or devices used within an organization without the knowledge or approval of the IT department. Shadow IT can pose a serious security risk to an organization, as it can allow unauthorized access to sensitive data and systems. Cyber security teams can identify and mitigate these risks by deep diving into their existing cloud infrastructure and performing regular audits.
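
The signals named in the "Monitor your user logs" tip and in the "Monitor for suspicious activities" item above, run as detection rules over a constructed audit log. This is an added example, not InsiderSecurity's code; the event tuples, action names, business hours and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events (time, user, action, detail). The action names are
# hypothetical, not any cloud provider's log schema.
EVENTS = [
    ("2024-06-03T10:00:00", "alice", "download", "q2-plan.docx"),
    ("2024-06-04T01:40:00", "bob", "login_ok", "SG"),
    ("2024-06-04T02:10:00", "bob", "login_failed", "NL"),
    ("2024-06-04T02:11:00", "bob", "login_failed", "NL"),
    ("2024-06-04T02:12:00", "bob", "login_failed", "NL"),
    ("2024-06-04T02:13:00", "bob", "login_ok", "NL"),
    ("2024-06-04T02:20:00", "bob", "download", "payroll.xlsx"),
    ("2024-06-04T02:21:00", "bob", "download", "customers.csv"),
    ("2024-06-04T02:22:00", "bob", "download", "contracts.zip"),
    ("2024-06-04T02:30:00", "bob", "create_forwarding_rule", "ext@example.net"),
    ("2024-06-04T02:35:00", "bob", "share_external", "contracts.zip"),
]


def _recent(store, key, t, value, window):
    """Record (t, value) under key; return the entries still inside the window."""
    store[key] = [r for r in store[key] if t - r[0] <= window] + [(t, value)]
    return store[key]


def detect(events, work_hours=(8, 19), window=timedelta(hours=1),
           max_downloads=2, max_failures=3):
    """Return sorted (user, alert) pairs. Thresholds are illustrative assumptions."""
    alerts, store = set(), defaultdict(list)
    for ts, user, action, detail in sorted(events):
        t = datetime.fromisoformat(ts)
        if action == "download":
            if not work_hours[0] <= t.hour < work_hours[1]:
                alerts.add((user, "data access outside business hours"))
            if len(_recent(store, (user, "dl"), t, detail, window)) > max_downloads:
                alerts.add((user, "unusual download volume"))
        elif action == "login_failed":
            if len(_recent(store, (user, "fail"), t, detail, window)) >= max_failures:
                alerts.add((user, "repeated failed logins"))
        elif action == "login_ok":
            seen = _recent(store, (user, "login"), t, detail, window)
            if len({country for _, country in seen}) > 1:
                alerts.add((user, "logins from multiple locations"))
        elif action == "create_forwarding_rule":
            alerts.add((user, "mailbox forwarding rule created"))
        elif action == "share_external":
            alerts.add((user, "resource shared with external party"))
    return sorted(alerts)


if __name__ == "__main__":
    for user, alert in detect(EVENTS):
        print(f"{user}: {alert}")
```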

How To Secure Your Data Hosted on the Cloud? 

InsiderSecurity has redefined security with Singapore’s most advanced cloud-native platform that integrates seamlessly with Microsoft 365 to monitor data security. The industry continues to recognize InsiderSecurity as an innovation leader, most recently with the Cyber Security Agency of Singapore (CSA) naming InsiderSecurity a winner at the 2022 Cybersecurity Innovation Day.

Cloud Security Monitor is a simple-to-use SaaS for enterprises to monitor their data security in Microsoft 365. With its award-winning automated cybersecurity analytics and machine-learning, Cloud Security Monitor makes sense of the high volume of Microsoft 365 activity events, so that you do not have to. Finally, an easy way to monitor your Microsoft 365 data security.

When it comes to protecting cloud data, the choice is InsiderSecurity’s Cloud Security Monitor.

ASEAN 40 under 40 List

InsiderSecurity’s cofounder Chen Kin Siong is honoured to be in the ASEAN 40 under 40 list, for InsiderSecurity’s innovative work on solving big challenges in cybersecurity.

Minister S Iswaran cited InsiderSecurity in his Total Defence 2019 Speech.

InsiderSecurity cited in Minister Iswaran’s Total Defence Speech

InsiderSecurity was cited by Minister Iswaran on how our tech is securing Singaporean organisations in his Total Defence Day 2019 speech.

“I am happy that local companies such as SgCarMart and the Singapore College of Insurance have already adopted solutions by InsiderSecurity, a homegrown cybersecurity company founded by Singaporean cyber warfare experts and accredited by IMDA’s Accreditation@SGD programme,” said Minister Iswaran.

InsiderSecurity is proud to be cited by Mr. S Iswaran, Minister for Communications and Information and Minister-in-Charge of Cybersecurity, in his speech during the Total Defence Day Commemoration on February 15, 2019.

Minister Iswaran talked about various digital threats that took place globally and in Singapore, underscoring how these can be as destructive as physical threats like terrorism. He then called on the nation to play a part in this national effort to fight cyber threats, with various Government Agencies and businesses taking the necessary steps to strengthen security strategies. Minister Iswaran gave the example where Singaporean organisations are adopting InsiderSecurity’s cybersecurity solution.

As a homegrown cybersecurity firm accredited by IMDA, we are thankful for the opportunity to serve fellow Singapore companies, defending them from cyber attackers hiding inside the network.

With cybersecurity increasing in importance each day, we at InsiderSecurity will be building on our strengths in Early Breach Detection and Cybersecurity Behaviour Analytics to make Singapore a safer place.


See the full text of his speech on the MCI website.

InsiderSecurity Participated in GovWare 2018

We had a fantastic GovWare 2018, with great response from visitors and attendees to InsiderSecurity’s award-winning, IMDA-accredited, deep tech for Early Breach Detection! Jonathan, our CEO, was also invited to speak on cybersecurity AI, entitled “Will AI save or kill us in cybersecurity?”

CNA interview with InsiderSecurity CEO

CNA Interview: InsiderSecurity CEO on the challenge of finding cybersecurity talents in Singapore

In an interview with Channel NewsAsia, our CEO, Jonathan Phua, talked about the challenge of finding the right cybersecurity talents, who can fill positions in the local cybersecurity industry. Singapore, like many countries, is experiencing a shortage of cybersecurity professionals. This makes it difficult for many organisations to get strong cybersecurity. The higher demand for experienced cybersecurity professionals also means higher hiring costs.

Immediate shortage aside, there are good reasons for Singapore to develop its cybersecurity talents.

“It is vital for Singapore to grow our own cybersecurity talents because of two reasons. First, Singapore has a good shot at becoming a major cybersecurity hub. We have the right people and infrastructure. Second, if not for economics, then for national defense, as cybersecurity is already the sixth pillar of Total Defence,” explained Phua.

Attracting cybersecurity professionals need not always be via higher salaries. There are applicants who join companies not just because of the financial compensation, but also for the value of the product or service they see that those companies are producing. “Within InsiderSecurity, we have been fortunate in that we have been able to attract talents, as we are doing exciting, cutting-edge work,” said Phua.

InsiderSecurity is helping address the current talent shortage by continuing to develop automated cyber threat detection technology that helps companies with even small IT teams cope with cyber threats.