I’m old enough to remember when the cloud was born. Yes, I know, for many reading this you’re wondering how I still draw breath. I’m not a boomer but have had a few “OK Boomer” moments as of late. But, back to the birth of the Cloud. I was 13 years old and listening to U2’s War album on Cassette tape. The year was 1983 and internet service provider CompuServe offered its customers a small amount of disk storage space for file uploads. A whopping 128K. But, it took another 10 years for the term “Cloud” to be used in marketing literature. AT&T launched commercials that said, “You can think of our electronic meeting place as the cloud." By 2006, cloud storage was being offered by DropBox for files and Pinterest for pictures.
By the late 20th, century it became clear that the Cloud wasn’t going away. That’s not to say it didn’t have its detractors - which for a while was almost everybody. There was a period in the early 21st century when the Cloud was considered a dirty word. There were, however, those (myself included) who began using the cloud regardless of peers telling me not to trust it. I was an early Google Docs user as well as having a free SalesForce personal account (which I still have to this day as it was advertised as for life!). I’ve only gone deeper since those early days. Today I use Google Photos for all my memories and Office365 for all my business needs. I’m not alone. The cloud services market today is worth an eye-popping $272 billion USD and is projected to hit $713 billion USD by 2025. It is arguably the fastest growing technology vertical in 2019. The Cloud is considered so mainstream now that the U.S. government just awarded a Department of Defense contract worth $10 billion USD to Microsoft. I think it’s safe to say that “Cloud” is no longer a dirty word.
With great success come great enemies. Bad actors abound and data breaches have become quite common place. One of the ones that made headlines early on was the Ashley Madison breach. In 2015, a group of bad actors called “The Impact Team” released over 25 gigabytes of client data - names and other details of people using the extra-marital dating service. 2019 has been a blockbuster year for breaches. Here are the top 10 through July according to TechGenix:
- January 2019: Fortnite, Oklahoma Department of Securities, Collection #1, Elasticsearch cloud storage
- March 2019: Verifications.io
- April 2019: Facebook
- May 2019: First American Corp., Canva, Flipboard
- July 2019: Capital One
The threats for the cloud look only to be increasing. WatchGuard just released their 2020 Threat Prediction Index, and it looks like Cloud will be facing more dangerous threats than mere data breaches. WatchGuard predicts that the latest threat the cloud will face is ransomware. Up to now, the security of documents stored in the web has been handled well. It makes sense: Amazon and Microsoft both employee thousands of security experts to keep their clouds safe. Also, Cloud repositories tend to have a lot of redundancy and file replication across servers which has made ransomware difficult in the cloud. But if WatchGuard is correct, these measures may no longer be enough to keep the Cloud free of ransomware. We’re starting to see signs of this already.
According to Vectra, the two largest groups currently being targeted by ransomware in the U.S. are education (37%) and finance/insurance (38%). This could be changing. WatchGuard predicts that, in 2020, healthcare, state and local governments, and industrial IOT are going to garner a lot more attention by those attacking with ransomware. The reason? These verticals can’t afford any downtime. A hospital being subjected to a ransomware attack in the Cloud won’t just have financial implications, it could put thousands of lives at risk. This is no small matter and could spell disaster. At the time of writing this blog, Healthcare IT News released an article that says a nursing home had a cloud ransomware attack that has jeopardized its electronic health records. The bad actors responsible are demanding $14 million in bitcoin from the cloud host. A modified version of the TrickBot virus was used and the cloud provider is scrambling to restore access of critical data.
I think we have to be careful with assuming that 2020 is going to be full of worst-case scenarios. Afterall, the Cloud isn’t going anywhere and neither are the folks managing its security. But it is important that we stay on top of these trends in order to better take care of our customers and their data. The threat landscape is changing and we’re all going to have to change with it.
So, what are some things we can do to better ensure the cyber-safety of our customers and ourselves? Understanding the trends in security are important, but we can do a little work to ensure we’re ready. Here are some tips:
- Talk to your cloud provider about how they intend to deal with these new threats: If you currently resell or provide cloud repositories for your customers, talk to your partners and ask what they are doing to prepare for the potential of ransomware in the Cloud.
- Talk to your partners: Some of your other partners may have been researching this issue already and come up with some novel solutions. Your network is powerful, leverage it and you may get some very useful advice.
- Setup Google alerts regarding cloud security: If you have a Google account you can setup alerts that will automatically notify you when the topic is written about on the web. You’ll require a Google account and can simply go to www.google.com/alerts to start setting them up.
- Sell Security! If you’re not selling cyber-security and cloud-security options today, you should be. There are a variety of toolsets and professional services that you can provide to help your customers sleep better at night. The cyber-security market is worth $122 billion a year and expected to grow to over $300 billion by 2025. If you’re looking to grow your business this is an area you should give serious consideration.
There’s no such thing as being perfectly safe in the Cloud, but these tips will help you to better prepare. Do You have some expertise or examples of cloud ransomware that you’d like to share? Tigerpaw invites you to join the conversation and leave your comments and thoughts about what you see as important for cloud security in the coming year. By talking together, we can all become stronger providers and partners and that will help our customers too.