Connect with us

ZDNET

Cloud security in 2021: A business guide to essential tools and best practices

Published

on

Cloud computing services have become a vital tool for most businesses. It’s a trend that has accelerated recently, with cloud-based services such as Zoom, Microsoft 365 and Google Workspace and many others becoming the collaboration and productivity tools of choice for teams working remotely.

While cloud quickly became an essential tool, allowing businesses and employees to continue operating from home, embracing the cloud can also bring additional cybersecurity risks, something that is now increasingly clear. 

Previously, most people connecting to the corporate network would be doing so from their place of work, and thus accessing their accounts, files and company servers from inside the four walls of the office building, protected by enterprise-grade firewalls and other security tools. The expanded use of cloud applications meant that suddenly this wasn’t the case, with users able to access corporate applications, documents and services from anywhere. That has brought the need for new security tools. 

Cloud computing security threats

ZDNet Recommends

The best cloud storage services

Free and cheap personal and small business cloud storage services are everywhere. But, which one is best for you? Let’s look at the top cloud storage options.

Read More

While positive for remote workers – because it allows them to continue with some semblance of normality – working remotely also presents an opportunity for cyber criminals, who have quickly taken advantage of the switch to remote working to attempt to break into the networks of organisations that have poorly configured cloud security. 

SEE: IT Data Center Green Energy Policy (TechRepublic Premium)

Corporate VPNs and cloud-based application suites have become prime targets for hackers. If not properly secured, all of these can provide cyber criminals with a simple means of accessing corporate networks. All attackers need to do is get hold of a username and password – by stealing them via a phishing email or using brute force attacks to breach simple passwords – and they’re in. 

Because the intruder is using the legitimate login credentials of someone who is already working remotely, it’s harder to detect unauthorised access, especially considering how the shift to remote working has resulted in some people working different hours to what might be considered core business hours. 

Attacks against cloud applications can be extremely damaging for victims as cyber criminals could be on the network for weeks or months. Sometimes they steal large amounts of sensitive corporate information; sometimes they might use cloud services as an initial entry point to lay the foundations for a ransomware attack that can lead to them both stealing data and deploying ransomware. That’s why it’s important for businesses using cloud applications to have the correct tools and practices in place to make sure that users can safely use cloud services – no matter where they’re working from – while also being able to use them efficiently.

Use multi-factor authentication controls on user accounts

One obvious preventative step is to put strong security controls around how users log in to the cloud services in the first place. Whether that’s a virtual private network (VPN), remote desktop protocol (RDP) service or an office application suite, staff should need more than their username and password to use the services.  

“One of the things that’s most important about cloud is identity is king. Identity becomes almost your proxy to absolutely everything. All of a sudden, the identity and its role and how you assign that has all of the power,” says Christian Arndt, cybersecurity director at PwC.  

Whether it’s software-based, requiring a user to tap an alert on their smartphone, or hardware-based, requiring the user to use a secure USB key on their computer, multi-factor authentication (MFA) provides an effective line of defence against unauthorised attempts at accessing accounts. According to Microsoft, MFA protects against 99.9% of fraudulent sign-in attempts.  

Not only does it block unauthorised users from automatically gaining entry to accounts, the notification sent out by the service, which asks the user if they attempted to log in, can act as an alert that someone is trying to gain access to the account. This can be used to warn the company that they could be the target of malicious hackers. 

Use encryption 

The ability to easily store or transfer data is one of the key benefits of using cloud applications, but for organisations that want to ensure the security of their data, its processes shouldn’t involve simply uploading data to the cloud and forgetting about it. There’s an extra step that businesses can take to protect any data uploaded to cloud services – encryption. 

Just as when it’s stored on regular PCs and servers, encrypting the data renders it unreadable, concealing it to unauthorised or malicious users. Some cloud providers automatically provide this service, employing end-to-end protection of data to and from the cloud, as well as inside it, preventing it from being manipulated or stolen.  

Apply security patches as swiftly as possible 

Like other applications, cloud applications can receive software updates as vendors develop and apply fixes to make their products work better. These updates can also contain patches for security vulnerabilities, as just because an application is hosted by a cloud provider, it doesn’t make it invulnerable to security vulnerabilities and cyberattacks. 

Critical security patches for VPN and RDP applications have been released by vendors in order to fix security vulnerabilities that put organisations at risk of cyberattacks. If these aren’t applied quickly enough, there’s the potential for cyber criminals to abuse these services as an entry point to the network that can be exploited for further cyberattacks. 

Use tools to know what’s on your network

Companies are using more and more cloud services – and keeping track of every cloud app or cloud server ever spun up is hard work. But there are many, many instances of corporate data left exposed by poor use of cloud security. A cloud service can be left open and exposed without an organisation even knowing about it. Exposed public cloud storage resources can be discovered by attackers and that can put the whole organisation at risk. 

In these circumstances, it could be useful to employ cloud security posture management (CSPM) tools. These can help organisations identify and remediate potential security issues around misconfiguration and compliance in the cloud, providing a means of reducing the attack surface available to hackers to examine, and helping to keep the cloud infrastructure secure against potential attacks and data breaches. 

“Cloud security posture management is a technology that evaluates configuration drift in a changing environment, and will alert you if things are somehow out of sync with what your baseline is and that may indicate that there’s something in the system that means more can be exploited for compromise purposes,” says Merritt Maxim, VP and research director at Forrester. 

SEE: Network security policy (TechRepublic Premium)

CSPM is an automated procedure and the use of automated management tools can help security teams stay on top of alerts and developments. Cloud infrastructure can be vast and having to manually comb through the services to find errors and abnormalities would be too much for a human – especially if there are dozens of different cloud services on the network. Automating those processes can, therefore, help keep the cloud environment secure. 

“You don’t have enough people to manage 100 different tools in the environment that changes everyday, so I would say try to consolidate on platforms that solve a big problem and apply automation,” says TJ Gonen, head of cloud security at Check Point Software, a cybersecurity company. 

Ensure the separation of administrator and user accounts

Cloud services can be complex and some members of the IT team will have highly privileged access to the service to help manage the cloud. A compromise of a high-level administrator account could give an attacker extensive control over the network and the ability to perform any action the administrator privileges allow, which could be extremely damaging for the company using cloud services.

It’s, therefore, imperative that administrator accounts are secured with tools such as multi-factor authentication and that admin-level privileges are only provided to employees who need them to do their jobs. According to the NCSC, admin-level devices should not be able to directly browse the web or read emails, as these could put the account at risk of being compromised.

It’s also important to ensure that regular users who don’t need administrative privileges don’t have them, because – in the event of account compromise – an attacker could quickly exploit this access to gain control of cloud services.

Use backups as contingency plan

But while cloud services can – and have – provided organisations around the world with benefits, it’s important not to rely on cloud for security entirely. While tools like two-factor authentication and automated alerts can help secure networks, no network is impossible to breach – and that’s especially true if extra security measures haven’t been applied. 

SEE: Ransomware: Paying up won’t stop you from getting hit again, says cybersecurity chief

That’s why a good cloud security strategy should also involve storing backups of data and storing it offline, so in the event of an event that makes cloud services unavailable, there’s something there for the company to work with. 

Use cloud applications that are simple for your employees to use

There’s something else that organisations can do to ensure the security of cloud – and that’s provide their employees with the correct tools in the first place. Cloud application suites can make collaboration easier for everyone, but they also need to be accessible and intuitive to use, or organisations run the risk of employees not wanting to use them.  

A business could set up the most secure enterprise cloud suite possible, but if it’s too difficult to use, employees, frustrated with not being able to do their jobs, could turn to public cloud tools instead

This issue could lead to corporate data being stored in personal accounts, creating greater risk of theft, especially if a user doesn’t have two-factor authentication or other controls in place to protect their personal account.  

Information being stolen from a personal account could potentially lead to an extensive data breach or wider compromise of the organisation as a whole. 

Therefore, for a business to ensure it has a secure cloud security strategy, not only should it be using tools like multi-factor authentication, encryption and offline backups to protect data as much as possible, the business must also make sure that all these tools are simple to use to encourage employees to use them correctly and follow best practices for cloud security. 

MORE ON CYBERSECURITY 

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/cloud-security-in-2021-a-business-guide-to-essential-tools-and-best-practices/#ftag=RSSbaffb68

ZDNET

Industry once again warns Australian government about falling behind in tech

Published

on

The Australian Academy of Science has published a policy primer calling for the federal government to place emerging digital technologies higher up the priority list.

“Australia risks falling behind as a technologically-driven nation unless we recognise emerging digital technologies as a central, independent sector in its own right, warranting investment in the core aspects of research, innovation, and workforce development,” the organisation wrote.

In the policy primer [PDF], the government-endorsed, not-for-profit organisation warned that Australia could potentially lag behind global peers, saying other nations such as Canada, France, the UK, and the US have placed more resources towards prioritising digital technologies as a strategy to bolster competitiveness.

Australia’s digital innovation earnings relative to its GDP was almost four percentage points lower than the OECD average of 11.2%, the organisation said.

To address this, the organisation put forward three recommendations that it believes would help Australia’s digital technology capability and innovation keep pace with other countries.

The recommendations are to elevate emerging digital technologies as a national science and innovation priority; include research and innovation in emerging digital technologies in the 2021 Research Infrastructure Roadmap; and recognise emerging digital technologies as an independent growth sector.

The Australian Academy of Science added that more investment is needed towards improving the digital literacy of Australians. Referring to RMIT University’s digital inclusion index, it said Australians with lower income, employment, and education have increasingly fallen behind in this area.

Kaspersky APAC managing director Chris Connell has also pushed for stronger promotion of security awareness and digital education saying that government needed to work more closely with industry to achieve this.

“We’re facing security challenges that put a strain on cybersecurity resources. Investing in cyber talent and promoting security awareness and digital education are the keys to success in building cyber resilient digital societies and economies,” Connell said.

“We need to move from the ‘needs’ to actually delivering on this — if we don’t, and the way the world is changing, there will be more and more risk moving forward.”

While the Australian Academy of Science did note the federal government’s recent digital economy strategy and modern manufacturing strategy were a “welcome signal”, it gave the caveat that government still needed to recognise the importance of building scientific capability behind the digital economy, both from an investment and narrative point of view.

“The national narrative and strategy for Australia’s digital economy needs to address the fundamental importance of building and maintaining scientific capabilities in emerging digital technologies to drive investment and build sovereign capability and capacity,” it wrote.

Following a similar theme, the Australian Information Industry Association (AIIA) a few weeks ago expressed concerns that the federal government was not placing enough resources into commercialising emerging technology, such as quantum computing.

“We are in a position of thought leadership and in some ways, we do lead the way. But our concern is that based on global trends, if we don’t take the steps necessary to maintain our position, and we’re not taking those steps, then we will in fact lose our leadership position, lose our resources, lose our IP, lose our skills, and our thought leaders,” AIIA CEO Ron Gauci said at the time. 

Related Coverage

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/industry-once-again-warns-australian-government-about-falling-behind-in-tech/#ftag=RSSbaffb68

Continue Reading

ZDNET

Industry once again warns Australian government about falling behind in tech

Published

on

The Australian Academy of Science has published a policy primer calling for the federal government to place emerging digital technologies higher up the priority list.

“Australia risks falling behind as a technologically-driven nation unless we recognise emerging digital technologies as a central, independent sector in its own right, warranting investment in the core aspects of research, innovation, and workforce development,” the organisation wrote.

In the policy primer [PDF], the government-endorsed, not-for-profit organisation warned that Australia could potentially lag behind global peers, saying other nations such as Canada, France, the UK, and the US have placed more resources towards prioritising digital technologies as a strategy to bolster competitiveness.

Australia’s digital innovation earnings relative to its GDP was almost four percentage points lower than the OECD average of 11.2%, the organisation said.

To address this, the organisation put forward three recommendations that it believes would help Australia’s digital technology capability and innovation keep pace with other countries.

The recommendations are to elevate emerging digital technologies as a national science and innovation priority; include research and innovation in emerging digital technologies in the 2021 Research Infrastructure Roadmap; and recognise emerging digital technologies as an independent growth sector.

The Australian Academy of Science added that more investment is needed towards improving the digital literacy of Australians. Referring to RMIT University’s digital inclusion index, it said Australians with lower income, employment, and education have increasingly fallen behind in this area.

Kaspersky APAC managing director Chris Connell has also pushed for stronger promotion of security awareness and digital education saying that government needed to work more closely with industry to achieve this.

“We’re facing security challenges that put a strain on cybersecurity resources. Investing in cyber talent and promoting security awareness and digital education are the keys to success in building cyber resilient digital societies and economies,” Connell said.

“We need to move from the ‘needs’ to actually delivering on this — if we don’t, and the way the world is changing, there will be more and more risk moving forward.”

While the Australian Academy of Science did note the federal government’s recent digital economy strategy and modern manufacturing strategy were a “welcome signal”, it gave the caveat that government still needed to recognise the importance of building scientific capability behind the digital economy, both from an investment and narrative point of view.

“The national narrative and strategy for Australia’s digital economy needs to address the fundamental importance of building and maintaining scientific capabilities in emerging digital technologies to drive investment and build sovereign capability and capacity,” it wrote.

Following a similar theme, the Australian Information Industry Association (AIIA) a few weeks ago expressed concerns that the federal government was not placing enough resources into commercialising emerging technology, such as quantum computing.

“We are in a position of thought leadership and in some ways, we do lead the way. But our concern is that based on global trends, if we don’t take the steps necessary to maintain our position, and we’re not taking those steps, then we will in fact lose our leadership position, lose our resources, lose our IP, lose our skills, and our thought leaders,” AIIA CEO Ron Gauci said at the time. 

Related Coverage

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/industry-once-again-warns-australian-government-about-falling-behind-in-tech/#ftag=RSSbaffb68

Continue Reading

ZDNET

Westpac has blocked 24,000 abusive messages in payments

Published

on

Westpac said it has managed to block some 24,000 transactions that were deemed as abusive payments.

In its environment, social, and governance strategy update, the bank also noted it required 19,000 customers to change the language they used in transaction descriptions before their payments could be accepted and processed.

The bank added it issued more than 800 warning letters and account suspensions and reported more than 70 customers to authorities for abusive payments.  

The bank announced earlier in the year it would not tolerate any messages containing abuse being sent in transaction descriptions. Terms considered inappropriate by the bank range from swear words through to domestic violence threats.

“We want to create a safer digital banking experience for our customers and send a clear signal that abusive messages in payment transactions will not be tolerated,” Westpac general manager of customer solutions Lisa Pogonoski previously said.

To contain such behaviour, the red and black bank rolled out a new tool enabling customers to report abuse and harassment received in the payment transaction description for inbound payments.

The bank also deployed technology to monitor outgoing payments sent through its online and mobile banking platforms, which blocks certain transactions containing inappropriate or offensive language in real-time.

In other updates, Westpac highlighted that in relation to its Customer Outcomes and Risk Excellence (CORE) program, it has completed 104 out of 327 planned activities designed to uplift the bank’s management and governance of risk. These included upgrading its transaction screen software and settings, identifying data points and establishing automated reconciliations and checks, using analytics to improve detection, and improving risk reporting through a new insights platform.

For the first half the 2022 financial year, Westpac highlighted tech expenses increased AU$40 million, attributing part of the rise was relating to the CORE program. This was off the back of a profit increase, posting AU$3.4 billion.  

IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:

  • National Sexual Assault, Domestic Family Violence Counselling Service on 1800 737 732
  • MensLine Australia on 1300 789 978
  • Lifeline on 13 11 14
  • Kids Helpline on 1800 551 800
  • Beyond Blue on 1300 22 46 36
  • Headspace on 1800 650 890
  • In an emergency or if you’re not feeling safe, always call 000

MORE FROM WESTPAC

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/westpac-has-blocked-24000-abusive-messages-in-payments/#ftag=RSSbaffb68

Continue Reading

ZDNET

Westpac has blocked 24,000 abusive messages in payments

Published

on

Westpac said it has managed to block some 24,000 transactions that were deemed as abusive payments.

In its environment, social, and governance strategy update, the bank also noted it required 19,000 customers to change the language they used in transaction descriptions before their payments could be accepted and processed.

The bank added it issued more than 800 warning letters and account suspensions and reported more than 70 customers to authorities for abusive payments.  

The bank announced earlier in the year it would not tolerate any messages containing abuse being sent in transaction descriptions. Terms considered inappropriate by the bank range from swear words through to domestic violence threats.

“We want to create a safer digital banking experience for our customers and send a clear signal that abusive messages in payment transactions will not be tolerated,” Westpac general manager of customer solutions Lisa Pogonoski previously said.

To contain such behaviour, the red and black bank rolled out a new tool enabling customers to report abuse and harassment received in the payment transaction description for inbound payments.

The bank also deployed technology to monitor outgoing payments sent through its online and mobile banking platforms, which blocks certain transactions containing inappropriate or offensive language in real-time.

In other updates, Westpac highlighted that in relation to its Customer Outcomes and Risk Excellence (CORE) program, it has completed 104 out of 327 planned activities designed to uplift the bank’s management and governance of risk. These included upgrading its transaction screen software and settings, identifying data points and establishing automated reconciliations and checks, using analytics to improve detection, and improving risk reporting through a new insights platform.

For the first half the 2022 financial year, Westpac highlighted tech expenses increased AU$40 million, attributing part of the rise was relating to the CORE program. This was off the back of a profit increase, posting AU$3.4 billion.  

IF YOU OR ANYONE YOU KNOW IN AUSTRALIA NEEDS HELP CONTACT ONE OF THESE SERVICES:

  • National Sexual Assault, Domestic Family Violence Counselling Service on 1800 737 732
  • MensLine Australia on 1300 789 978
  • Lifeline on 13 11 14
  • Kids Helpline on 1800 551 800
  • Beyond Blue on 1300 22 46 36
  • Headspace on 1800 650 890
  • In an emergency or if you’re not feeling safe, always call 000

MORE FROM WESTPAC

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/westpac-has-blocked-24000-abusive-messages-in-payments/#ftag=RSSbaffb68

Continue Reading
Esports5 days ago

NBA 2K22 The Game Quest Explained

Esports4 days ago

Shiny Zacian and Zamazenta promotion announced for Pokémon Brilliant Diamond, Shining Pearl preorders in South Korea

Esports5 days ago

Riot to launch new client that houses all of the company’s desktop titles in one hub, rollout begins next week

Esports4 days ago

How to download Deltarune Chapter 2

Esports4 days ago

How to transfer Deltarune chapter one save files to chapter 2

Esports4 days ago

Fastest way to get Relic Resistance Weapons in Final Fantasy XIV | Spare Parts, Tell Me a Story, A Fond Memory

Esports5 days ago

Gym Rat Badge Method Secretly Patched in NBA 2K22 Next Gen

Esports3 days ago

NBA 2K22 Limitless Spot-Up and Chef Badges Explained

Esports5 days ago

New Wild Area Event begins in Pokémon Sword and Shield starring shiny Solrock and Lunatone

Esports5 days ago

Deathloop the Runt: What is It?

Blockchain5 days ago

Crypto’s networked collaboration will drive Web 3.0

Cyber Security3 days ago

KrebsonSecurity Reported That TTEC Hit With Ransomware Attack

Esports5 days ago

Respawn ‘ramping up’ Apex’s server capacity to try and fix connectivity issues following Evolution event’s launch

Esports3 days ago

What is The Old Gym in NBA 2K22 Next Gen?

Esports3 days ago

ArcSystemWorks announces ArcRevo 2021 schedule with Guilty Gear Strive as the only featured title

IOT3 days ago

How IoT Revolutionized Several Areas of the Ecommerce Industry

Esports3 days ago

Square Enix reveals Endwalker title screen on Final Fantasy XIV Letter from the producer

AR/VR2 days ago

The VR Job Hub: First Contact Entertainment, SyncVR Medical & University of Westminster

Esports2 days ago

Clash Royale League World Finals 2021 will take place in December with a $1,020,000 prize pool

Esports5 days ago

New round of balance changes is coming with Hearthstone patch 21.3

Trending

Copyright © 2020 Plato Technologies Inc.