How Can Our Company Prevent Cloud Jacking of Our Accounts?

If most of your business processes weren’t already in the cloud before the pandemic began, there’s a good chance that they are now. The COVID restrictions caused many companies to have to rethink the way they do business and adopt a mostly cloud infrastructure to enable employees to work remotely.

Moving data and work processes to the cloud comes with a whole new set of IT security requirements that differ from those for on-premises assets. For example, attackers are now going after user credentials with a vengeance because it’s the easiest way to cloud jack an account.

In 2020, attacks on cloud accounts increased 630%.

What is Cloud Jacking?

Cloud jacking is when an attacker takes over a cloud account. This is usually done by logging in as a legitimate user. It’s more difficult for attackers to break into a SaaS provider’s system through a brute force attack, so by stealing or hacking a user credential, they can bypass standard security.

Some recent findings in Verizon’s 2021 Data Breach Investigations Report show how dangerous cloud jacking has become. The report found:

  • 61% of data breaches in 2020 involved credential theft.
  • The #1 misuse detection in breaches was privilege abuse.
  • The use of stolen user credentials was the #2 action used in data breaches.

What Can Happen When a Cloud Account is Hijacked?

Because of the many different types of cloud accounts out there (CRM, accounting, messaging, etc.), there are several different things an attacker has the potential to do once they’ve breached an account.

Some of the things that can happen when an account is hijacked are:

  • Data can be stolen or deleted
  • Ransomware can be released that infects the cloud & syncing computers
  • Phishing emails can be sent out on the user’s company email account
  • An email address can be forwarded to the attacker’s account
  • Users can be added or deleted
  • Banking details can be accessed
  • Credit cards stored in cloud accounts can be charged by the attacker
  • Security configurations in the account can be changed

The big Colonial Pipeline ransomware attack in the U.S. in May was the result of cloud jacking. The hackers got in through an unused and unprotected VPN account and through that they were able to release ransomware throughout the company’s network, shutting them down for six days.

It’s crucial to assess the security of your cloud accounts so you can ensure they’re not susceptible to cloud jacking. 

Tips for Protecting Your Cloud Accounts from Being Compromised

Implement Multi-Factor Authentication (MFA)

One of your best safeguards against a hijacked cloud account is to implement MFA on all your accounts. While some employees may push back about the additional step of entering a code at log in, the impact on security is well worth the few additional seconds.

According to Microsoft, multi-factor authentication can prevent 99.9% of all fraudulent sign-in attempts. 

MFA is also a feature that most cloud tools already have. All you have to do is enable it to add a significant layer of protection.

Avoid Misconfiguration by Getting Help With Your Settings

A big enabler of cloud jacking is when companies haven’t properly configured cloud security settings. These can get complicated, especially if you have multiple cloud accounts as most companies do.

Having 100 different security settings in a cloud platform like Microsoft 365 can be confusing and many companies will just leave settings at the default, which isn’t necessarily the most secure environment.

Get help from a professional like Haxxess to set up your initial security configurations in your cloud tools and to check them regularly as updates come out that may impact those settings.

Restrict User Privileges

The more user accounts that you have with admin privileges in a cloud account, the more at risk that account is. For example, if you have 5 admin accounts instead of just 1, you’ve given a hacker 4 more chances to breach an account that can do major damage inside your cloud environment.

Only give users the lowest privilege level needed to handle their daily tasks. It’s also a good idea to adopt a “global admin account.” This is an account that is not used daily by a user or for email. Rather, it’s a shared account and the only one that has admin privileges that admins can log into and back out of as they perform administrative tasks.
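The MFA and privilege tips above can be checked against an export of your account list. The following is an added example, not code from Haxxess or any cloud vendor: the CSV column names, the sample rows, and the thresholds (one admin account, 90 days idle) are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export; the columns are assumed, not a vendor format.
SAMPLE_EXPORT = """user,role,mfa_enabled,last_sign_in
alice@example.com,admin,true,2021-06-28
bob@example.com,admin,false,2021-06-30
carol@example.com,user,true,2021-06-29
old-vpn@example.com,user,false,2020-11-02
dave@example.com,admin,true,2021-01-15
"""


def audit_accounts(export_text, today, max_admins=1, stale_days=90):
    """Return (user, issue) findings for a CSV export of cloud accounts."""
    findings = []
    admins = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["user"].strip()
        is_admin = row["role"].strip().lower() == "admin"
        has_mfa = row["mfa_enabled"].strip().lower() == "true"
        last_seen = date.fromisoformat(row["last_sign_in"].strip())
        idle = (today - last_seen).days
        if is_admin:
            admins.append(user)
        # MFA should be on for every account; admins are the worst case.
        if not has_mfa:
            findings.append((user, "admin without MFA" if is_admin else "no MFA"))
        # Unused accounts are candidates for disabling or removal.
        if idle > stale_days:
            findings.append((user, f"unused for {idle} days"))
    # More admin accounts means more accounts that can do major damage.
    if len(admins) > max_admins:
        issue = f"{len(admins)} admin accounts, expected at most {max_admins}"
        findings.append((", ".join(admins), issue))
    return findings


if __name__ == "__main__":
    for user, issue in audit_accounts(SAMPLE_EXPORT, date(2021, 7, 1)):
        print(f"{user}: {issue}")
```
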

Monitor User & Device Access to Your Cloud Accounts

Users are now logging into your company accounts from multiple devices and multiple locations. It’s hard to secure access if you aren’t monitoring that traffic.

Consider using a cloud access security application, like Microsoft Cloud App Security, to monitor and manage device and user access to your cloud environment, block unauthorized devices, and more.

Schedule a Review of Your Cloud Security Today

How secure are your cloud accounts right now? Haxxess can help your Northern Ontario business review and enhance your security configurations to prevent cloud jacking of your accounts. 

Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.
