If most of your business processes weren’t already in the cloud before the pandemic began, there’s a good chance that they are now. The COVID restrictions caused many companies to have to rethink the way they do business and adopt a mostly cloud infrastructure to enable employees to work remotely.
Moving data and work processes to the cloud come with a whole new set of IT security requirements different than on-premises assets. For example, attackers are now going after user credentials with a vengeance because it’s the easiest way to cloud jack an account.
In 2020, attacks on cloud accounts increased 630%.
Cloud jacking is when an attacker takes over a cloud account. This is usually done by logging in as a legitimate user. It’s more difficult for attackers to break into a SaaS provider’s system through a brute force attack, so by stealing or hacking a user credential, they can bypass standard security.
Some recent findings in Verizon’s 2021 Data Breach Investigations report show how dangerous cloud jacking has become. The report found:
Because of the many different types of cloud accounts out there (CRM, accounting, messaging, etc.), there are several different things an attacker has the potential to do once they’ve breached an account.
Some of the things that can happen when an account is hijacked are:
The big Colonial Pipeline ransomware attack in the U.S. in May was the result of cloud jacking. The hackers got in through an unused and unprotected VPN account and through that they were able to release ransomware throughout the company’s network, shutting them down for six days.
It’s crucial to assess the security of your cloud accounts so you can ensure they’re not susceptible to cloud jacking.
One of your best safeguards against a hijacked cloud account is to implement MFA on all your accounts. While some employees may push back about the additional step of entering a code at log in, the impact on security is well worth the few additional seconds.
According to Microsoft, multi-factor authentication can prevent 99.9% of all fraudulent sign-in attempts.
MFA is also a feature that most cloud tools already have, all you have to do is enable it to add a significant layer of protection.
A big enabler of cloud jacking is when companies haven’t properly configured cloud security settings. These can get complicated, especially if you have multiple cloud accounts as most companies do.
Having 100 different security settings in a cloud platform like Microsoft 365 can be confusing and many companies will just leave settings at the default, which isn’t necessarily the most secure environment.
Get help from a professional like Haxxess to set up your initial security configurations in your cloud tools and to check them regularly as updates come out that may impact those settings.
The more user accounts that you have with admin privileges in a cloud account, the more at risk that account is. For example, if you have 5 admin accounts instead of just 1, you’ve given a hacker 4 more chances to breach an account that can do major damage inside your cloud environment.
Only give users the lowest privilege level needed to handle their daily tasks. It’s also a good idea to adopt a “global admin account.” This is an account that is not used daily by a user or for email. Rather, it’s a shared account and the only one that has admin privileges that admins can log into and back out of as they perform administrative tasks.
Users are now logging into your company accounts from multiple devices and multiple locations. It’s hard to secure access if you aren’t monitoring that traffic.
Consider using a cloud access security application, like Microsoft Cloud App Security, to monitor and managing device and user access to your cloud environment, block unauthorized devices, and more.
How secure are your cloud accounts right now? Haxxess can help your Northern Ontario business review and enhance your security configurations to prevent cloud jacking of your accounts.
Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.