CLOUD SECURITY - SMEs ARE TAKING A CLOUD-FIRST APPROACH, BUT ARE THEY PREPARED TO HANDLE CYBER INCIDENTS?


Cloud services are an easy pathway to set up a business, and startups and SMEs know this.

Singapore has been adopting cloud solutions at an accelerated pace. In recent years, most of the businesses that reach out to Blackpanda for cyber preparation services and incident response have been SMEs and startups which are entirely reliant on cloud-based platforms.

In fact, 98% of business systems currently operate either fully or partially in a cloud computing environment, which may include a combination of networks, storage, virtualization, and management software.

Nowadays, business networks typically consist of a combined cloud infrastructure from a number of cloud providers, including Software as a Service (SaaS) and Platform as a Service (PaaS). There are many challenges related to this, including data volume, accessibility, and the rapid evolution of threats. This has meant that since the transition from on-premises to cloud computing over a decade ago, incident response has changed drastically.

This year alone, 27% of businesses experienced a cyber attack on their cloud environment, according to CheckPoint. In order to stay in business, organizations that adopt a cloud-first approach need to keep themselves prepared for critical, service-disrupting incidents. With cyber attackers increasingly targeting the cloud, organizations should prepare themselves to respond to this type of breach.

This article will look at cloud adoption in Asia, cyber security responsibility in the cloud, and common cloud cyber attacks, highlighting how organizations should be prepared to handle cyber attacks on their cloud infrastructure, software and platforms.

Singaporean companies love the Cloud

The business-friendly environment and a robust infrastructure setup make Singapore a leader in the use of cloud computing in the ASEAN region. In particular, there has been a push from the government to adopt cloud services; according to one survey, 60% of Singaporean IT leaders do not foresee owning a data center within the next five years.

Another study found that 90% of companies worldwide are currently using the cloud for at least some of their operations.

While cloud adoption has clearly been growing, experience indicates that cloud security is still lagging behind. Studies have shown that most companies that utilize cloud solutions get breached. A 2021 survey conducted by the International Data Corporation (IDC) found that globally, 98% of businesses experienced at least one cloud data breach between 2020 and 2021, and the trend is growing.

Who is responsible for data management in the cloud?

Companies often use third-party vendors to handle all their services. This may come with the assumption that responsibility for data stored in the cloud is also handed over to the service provider. But this is not entirely true.

It is important to note that cloud security refers to the entire ecosystem of people, processes, policies, and technology that handles and protects cloud-based data and applications. All stakeholders are responsible for its security, including the organization, the cloud provider, and its users. In the cloud, data can be protected, but the people who have access to it determine whether it is secure.

This shared responsibility model is at the core of cloud cyber security, and depending on how enterprises distribute cloud-based applications among varying environments, the level of responsibility each stakeholder has will be different.

Here are three models of cloud infrastructure:

  • Public cloud – the cloud vendor owns the infrastructure, while the business retains ownership of the data and virtual network. Here, responsibility for security is fully shared.
  • Private cloud – the cloud is hosted in an enterprise’s own data center, with sole responsibility for security vested in the corporation. In this case, the operating business is responsible for the protection of its infrastructure, as well as the applications and data that run on it.
  • Software-as-a-Service (SaaS) – in this popular model the cloud vendor hosts applications and makes them available to businesses via the internet. Users have instant access to documents without the inconvenience of installing applications on personal devices and synchronizing data across many devices. Each SaaS has a specific policy dictating who is responsible for which security tasks.

As a rule of thumb, organizations are usually responsible for managing the platform, identity and access management, application security, operating system (OS) security, network traffic encryption, server-side encryption and data integrity. On the other hand, cloud providers are generally responsible for the security of the database, computing power, storage, networking, and managing availability zones and edge locations.

It is important to note that according to Gartner, approximately 95% of cloud security breaches will be caused by organizational security failures by 2025. Shared responsibility models require both parties to understand their responsibilities and roles. Cloud providers should ensure their security standards are acceptable based on an enterprise's industry, company requirements, regulations, and risk profile. At the same time, organizations should prepare themselves to respond to the very likely occurrence of a cyber attack on their cloud databases and systems. The main threats affecting cloud-based companies include:
  • Account hijack – a type of attack that compromises users' credentials
  • Insider threat – a violation that happens as a result of employees misusing authorized access
  • Malware injection – a type of attack whereby code or scripts used for malicious activities are inserted into a webpage
  • Abuse of cloud services – this occurs when users store illegal software in the cloud, including pirated music and videos
  • Insecure Application Programming Interfaces (APIs) – often used to customize the features of the cloud. If not properly secured, APIs can become vulnerable because of inadequate authentication or encryption
  • Denial of Service (DoS) – cyber attacks that overwhelm servers with junk activity, making them unavailable
  • Data breaches – cyber attacks where sensitive data is captured and exfiltrated by a criminal
  • Insufficient due diligence – cloud security is compromised when inadequate due diligence is done, or when organizations are not clear about their policies
  • Cloud ransomware – malicious data encryption in the cloud has historically been rare, but is more and more often seen as one of the biggest threats to the future of cloud computing

In the next section, we will take a deeper look into the threat of cloud ransomware, and how organizations of all sizes should prepare themselves to respond to cyber attacks on their cloud infrastructure, software and platforms.

Cloud Ransomware

Cloud ransomware, which was previously extremely rare, is now growing in frequency. According to a study by Netskope, most (66.4%) of malware instances in Q2 2021 started with cloud storage apps.

Traditional ransomware cannot directly attack API-based cloud storage systems, because it relies on file-system access that these services do not expose. As a result, threat actors are developing new tactics, techniques and procedures (TTPs) to launch ransomware attacks more easily in cloud environments. These are highly challenging to predict, which is why only the most experienced incident responders are able to anticipate what these TTPs might entail in order to best prepare for and respond to them.

In order to encrypt persistent data in cloud resources, cloud ransomware actors are likely to use cloud APIs to find and access cloud resources that contain persistent data.

A threat actor may target specific cloud services based on the APIs for accessing them, or they may develop different payloads for each targeted service (just like some traditional ransomware actors have previously developed different payloads targeting different operating systems).
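Since cloud ransomware works through the storage API rather than a file system, the defender's signal is the audit log of API calls. The detection logic below is an added example, not part of this article or Blackpanda's tooling; the audit records, field names, trusted-key inventory and thresholds are constructed assumptions in a simplified CloudTrail-like shape.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Actions that destroy data, or rewrite it under a key the organization does not control.
DESTRUCTIVE = {"DeleteObject", "DeleteObjectVersion", "PutBucketLifecycle"}
REWRITE = {"PutObject", "CopyObject"}

def ev(t, who, action, bucket, key_id=None):
    """Build one constructed, CloudTrail-like audit record (field names are assumed)."""
    return {"time": f"2022-06-01T{t}Z", "principal": who, "action": action,
            "bucket": bucket, "key_id": key_id}

# Constructed sample log: svc-app does routine work, then an unexpected principal
# re-encrypts objects under an unknown key and deletes the original versions.
SAMPLE_EVENTS = [
    ev("09:00:00", "svc-app", "PutObject", "finance", "kms-prod"),
    ev("09:30:00", "svc-app", "GetObject", "finance"),
    ev("10:00:00", "ci-token", "ListObjects", "finance"),
    ev("10:00:05", "ci-token", "CopyObject", "finance", "kms-attacker"),
    ev("10:00:10", "ci-token", "CopyObject", "finance", "kms-attacker"),
    ev("10:00:15", "ci-token", "CopyObject", "finance", "kms-attacker"),
    ev("10:00:20", "ci-token", "DeleteObjectVersion", "finance"),
    ev("10:00:25", "ci-token", "DeleteObjectVersion", "finance"),
    ev("10:00:30", "ci-token", "DeleteObjectVersion", "finance"),
    ev("10:05:00", "svc-app", "PutObject", "finance", "kms-prod"),
    ev("10:05:30", "svc-app", "DeleteObject", "finance"),
]
TRUSTED_KEYS = {"finance": {"kms-prod"}}  # constructed inventory of expected KMS keys

def detect_bursts(events, trusted_keys, window=timedelta(minutes=5), threshold=5):
    """Flag principals whose deletes and foreign-key rewrites reach `threshold`
    inside any sliding `window`; both values are assumptions to tune per estate."""
    parse = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")
    recent = defaultdict(deque)  # principal -> (time, foreign key or None) of suspicious ops
    alerts = {}
    for e in sorted(events, key=lambda e: parse(e["time"])):
        ts, key = parse(e["time"]), e.get("key_id")
        foreign_key = (e["action"] in REWRITE and key is not None
                       and key not in trusted_keys.get(e["bucket"], set()))
        if not (foreign_key or e["action"] in DESTRUCTIVE):
            continue
        q = recent[e["principal"]]
        q.append((ts, key if foreign_key else None))
        while ts - q[0][0] > window:      # drop ops that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[e["principal"]] = {"ops": len(q), "window_start": q[0][0].isoformat(),
                                      "foreign_keys": sorted({k for _, k in q if k})}
    return alerts
```

Running `detect_bursts(SAMPLE_EVENTS, TRUSTED_KEYS)` flags only `ci-token`, with six suspicious operations in forty seconds and the unknown key `kms-attacker`, while `svc-app`'s single delete stays below the threshold.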

Last year, the average ransomware demand was USD 2.2 million, according to Palo Alto Networks, and as attackers start targeting the cloud, this is only predicted to rise.

Cloud incident response

As cloud workloads rapidly evolve, organizations require experienced incident responders, who have a deep understanding of cloud security, investigations, and specialized tools and processes.

By engaging an experienced team of cloud incident responders, organizations can cut down the dwell time of cyber attacks (that is, the time that elapses between the start of an attack and its eradication), comply with legal requirements, ensure business continuity, and limit the damage that such breaches may cause. In this way, having a cloud incident response strategy helps organizations deliver their cloud-based services and products reliably and efficiently.

Cloud incident response involves the alignment of critical resources, operations, and services necessary to manage incidents within a cloud infrastructure. Knowing who to contact in case of a cloud cyber attack, and having a comprehensive cloud incident response plan allow cloud technicians to quickly restore the operations of a downed service.

Conducting frequent compromise assessments is also vital to ensuring cloud cyber security. By detecting and containing malware through proactive threat hunting, organizations can limit its impact on electronic data and valuable networks, and eradicate cyber incidents before they escalate into full-blown cyber crises.


About the Author

Larabella Myers is a cyber security specialist and technical communicator from the UK and Italy, and her work has always had a deep focus on the Asian cyber threat landscape. As Senior Cyber Security Analyst at Blackpanda, her focus is on producing cyber thought leadership, as well as on assisting clients with technical cyber security guidance and support.

She has worked in the technology industry for over 5 years, first within the IT space and then supporting the British government through cyber security research and consulting. Larabella studied Philosophy, Politics and Economics at the University of Warwick, and she leverages her social sciences insights to bring a multidisciplinary nuance to the field of cyber security.

She is the author of three published papers on technology geopolicy in academic journals, and is active in the cyber security scholarship community. She also holds several certifications in cyber security, including Security+ and CySA+ (CompTIA), Cyber Security for Business Leaders (Oxford Saïd Business School) and Cloud Practitioner (AWS). In 2022, she was recognised as Woman of The Future for Technology and Digital.