CLOUD SECURITY

Verizon Provides an Overview of Cloud Cybercrime in a Data Breach Report

Verizon | May 24, 2021

Today's computing landscape is characterized by increases in ransomware and phishing, as well as cloud and web application attacks. Events such as the Colonial Pipeline hack demonstrate the expanded role that threat actors play in reinventing themselves to leverage newly discovered weaknesses.

According to Verizon's Data Breach Investigations Report for 2021, the world's threat perpetrators have one trait. They are both desperate for cold hard cash and are rapidly digitally transforming themselves to obtain it. The digital transformation continues with cloud apps, phishing, and ransomware.

According to the Verizon report, most breaches today begin with social engineering strategies designed to gain buy-in from busy end-users. That is the first step in gaining access to privileged credentials, delivering ransomware, or finding other vulnerabilities on a network.

Threat actors understand that any cloud breach strategy relies on effective social engineering.

According to Verizon, 85% of breaches include a human element, which threat actors prefer by a margin of 24% over breaches containing credentials. Verizon has discovered a connection between the rise of social engineering breaches and the compromise of cloud-based email servers.

According to the report, emails are being mined for privileged credentials and used for mass mailings of phishing attempts and ransomware delivery.

According to Verizon's report, public administration agencies lead all sectors in breaches last year. To steal privileged access credentials, threat actors mainly use social engineering to generate credible-looking phishing emails. The entertainment industry had the most overall activity, with 7,065 incidents and 109 breaches, led by the government, with 3,326 incidents and 885 breaches.

Threat actors targeted the entertainment industry by committing ticket fraud, intercepting online payments, and combining phishing and ransomware to divert funds from companies in this industry.

According to Verizon's report, even as enterprises pursued new digital transformation techniques during a global pandemic, threat actors discovered their digital transformation strategies. The pivot point on which bad actors' digital transformation strategies depend is social engineering — convincing people to trust an email or text message, even though it is as easy as clicking on a link.

The Verizon report provides a sobering insight into how rapidly cybercrime is transforming to become more opportunistic, deceptive, and destructive to its victims.

Spotlight

In order for a business to survive, it needs to be innovative. Companies across all sectors are now having to respond to digital businesses that are not only disrupting their industry but also threatening their existence. Therefore, how organizations buy and use technology, such as IoT, Big Data and analytics, will play an essential part in making transformation a success. This report looks at how cloud and Infrastructure-as-a-Service can provide the foundations to help businesses build a successful, collaborative future.


Other News
CLOUD APP MANAGEMENT

Cloud Data Breaches and Cloud Complexity on the Rise, Reveals Thales

Thales | June 08, 2022

The 2022 Thales Cloud Security Report, conducted by 451 Research, part of S&P Global Market Intelligence, reports that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year1, raising even greater concerns regarding to protecting sensitive data from cybercriminals. Globally, cloud adoption and notably multicloud adoption, remains on the rise. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications2, compared with just eight in 2015, showcasing a startlingly rapid increase. There has been a notable expansion in the use of multiple IaaS providers, with almost three-quarters (72%) of businesses using multiple IaaS providers, up from 57% the year before. The use of multiple providers has almost doubled in the last year, with one in five (20%) of respondents reporting using three or more providers. Despite their increasing prevalence and use, businesses share common concerns about the increasing complexity of cloud services with the majority (51%) of IT professionals agreeing that it is more complex to manage privacy and data protection in the cloud. Additionally, the journey to the cloud is also becoming more complex, with the percentage of respondents reporting that they’re expecting to lift and shift, the simplest of migration tactics, dropping from 55% in 2021 to 24% currently. Security Challenges of Multicloud Complexity With increasing complexity comes an even greater need for robust cybersecurity. When asked what percentage of their sensitive data is stored in the cloud, a solid majority (66%) said between 21-60%. However, only a quarter (25%) said they could fully classify all data. Additionally, nearly a third (32%) of respondents admitted to having to issue a breach notification to a government agency, customer, partner or employees. This should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries. Cyber-attacks also present an ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with a quarter (26%) citing an increase in malware, 25% in ransomware and one-fifth (19%) reporting seeing an increase in phishing/ whaling. Protecting Sensitive Data When it comes to securing data in multicloud environments, IT professionals view encryption as a critical security control. The majority of respondents cited encryption (59%) and key management (52%) as the security technologies they currently use to protect sensitive data in the cloud. However, when asked what percentage of their data in the cloud is encrypted, only one in ten (11%) of respondents said between 81-100% is encrypted. Additionally, key management platform sprawl may be an issue for enterprises. Only 10% of respondents use one to two platforms, 90% use three or more, and almost one in five (17%) admitted using eight or more platforms. Encryption should be a priority area for enterprises to focus on when it comes to securing data in the cloud. In fact, 40% of respondents stated that they were able to avoid the breach notification process because the stolen or leaked data was encrypted or tokenised, showcasing the tangible value of encryption platforms. Additionally, it is encouraging to see signs enterprises embrace Zero Trust and investing accordingly. Nearly a third of respondents (29%) said they are already executing a Zero Trust strategy, a quarter (27%) said they are evaluating and planning one and, 23% said they are considering it. This is a positive result, but there is certainly still room to grow. “The complexity of managing multicloud environments cannot be overstated. Additionally, the growing importance of data sovereignty is increasingly raising questions for CISOs and Data Protection Officers when considering their cloud strategy, governance, and risk management. The challenge is not only where the sensitive data resides geographically, but even who has access to sensitive data inside the organisation. There are various solutions such as encryption and key management. Last but not least, continuing to embrace a Zero Trust strategy will be essential in securing these complex environments, helping to ensure organisations can support their data and manage future challenges.” Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales Thales and 451 Research will discuss the findings in more detail during a webinar on 23 June 2022. To join, please visit the registration page. About the 2022 Thales Global Cloud Security Study As organizations step beyond the urgent actions of the last two years, they’re grappling with securing the more complex environments in which they now operate. The global edition of the 2022 Thales Cloud Security Study looked at various aspects of those impacts in a wide-ranging survey of security professionals and executive leadership that touched on issues including accelerated digital transformation, cloud migration, and the complexities of managing security in a multicloud world. The 2022 Thales Cloud Security Study is based on data from a survey of almost 2,800 security professionals and executive leaders. This research was conducted as an observational study and makes no causal claims. About Thales Thales (Euronext Paris: HO) is a global leader in advanced technologies, investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum computing – to build a confident future crucial for the development of our societies. The Group provides its customers – businesses, organisations and governments – in the defense, aeronautics, space, transport, and digital identity and security domains with solutions, services and products that help them fulfil their critical role, consideration for the individual being the driving force behind all decisions.

Read More

CLOUD SECURITY

A10 Networks Recognized by Frost & Sullivan for Providing Sophisticated Cybersecurity Multi-Cloud Solutions

A10 Networks | March 29, 2022

Based on its recent analysis of the Global DDoS Mitigation Industry, Frost & Sullivan recognizes A10 Networks with the 2021 Customer Value Leadership Award for delivering secure business applications for multi-cloud environments. A10 Networks provides scalable and secure applications to enable companies and service providers to automate application management, simplify multi-cloud complexity, gain detailed business performance insights, and secure 5G networks. A10 Networks is one of the leading choices for large corporations to effectively mitigate the risks of DDoS attacks that have been growing significantly due to the digital transformation accelerated by the COVID-19 Pandemic. A10 Networks also leverages artificial intelligence and machine learning to help its clients face attacks and ensure the security of its applications. A10 has invested in strengthening processes and increasing efficiency over the years and is now in a position to extend the accrued benefits to its customers. Its ability to scale and automate DDoS protection solutions reflects a commitment to its target market of those who operate large data centers, from service providers, gaming, large enterprises, universities, and more. The company harnesses the expertise of its employees and enables an environment to ensure that their innovative ideas and relevant initiatives are leveraged to enhance customer value." Deepali Sathe, Senior Industry Analyst at Frost & Sullivan. A10 Networks implements continuous improvements based on customer feedback, and its deep understanding of modern business needs allows the company to cater to evolving customer demands. A10 leverages this customer-centric approach to offer excellent customer service that guarantees 24/7 support and rapid response to any DDoS attack that could severely affect business performance. The company is well-positioned in the market with a strong presence in more than 117 countries and it has notable customers such as Microsoft, Uber, LinkedIn, Samsung, UCLA, Godaddy, Comcast, among others. "A deep understanding of customer challenges in dealing with DDoS mitigation, and highly relevant solutions helped A10 enhance the customer experience. It continues to invest in innovative techniques to become the preferred option for large companies looking to mitigate DDoS attacks on a global scale and become a more recognized brand, rather than a best kept secret," noted Sathe. "A10 differentiates by providing a dedicated support hotline to experts assigned to its DDoS security incident response team (DSIRT) for its Thunder TPS customers, above and beyond regular support services. In the event of disruption despite the presence of a DDoS solution, DSIRT helps to diagnose, interpret, and stop an attack." Each year, Frost & Sullivan presents this award to the company that demonstrates excellence in implementing strategies that proactively create value for its customers, focusing on improving the return on the investment that customers make in its services or products. The award recognizes A10 Networks' unique focus on augmenting its customers' value, beyond simply good customer service, leading to improved customer retention and customer base expansion. Frost & Sullivan Best Practices awards recognize companies in various regional and global markets for demonstrating outstanding achievement and superior performance in leadership, technological innovation, customer service, and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analyses, and extensive secondary research to identify best practices in the industry. About Frost & Sullivan For six decades, Frost & Sullivan has been world-renowned for its role in helping investors, corporate leaders, and governments navigate economic changes and identify disruptive technologies, Mega Trends, new business models, and companies to action, resulting in a continuous flow of growth opportunities to drive future success. Contact us: Start the discussion.

Read More

AWS INFRASTRUCTURE

Cascadeo Announces Integration of Amazon DevOps Guru and cascadeo.io

Cascadeo | May 26, 2022

Cascadeo, a leading cloud IT transformation services provider, today announced the integration of Amazon DevOps Guru with cascadeo.io, Cascadeo’s cloud monitoring and management platform that provides users with a single view of multi-cloud or hybrid infrastructure environments. Amazon DevOps Guru is a machine learning (ML) service that is designed to improve application performance, including monitoring for behaviors that could impact availability. When critical issues are identified, Amazon DevOps Guru automatically sends an alert that includes both the likely root cause and the context for where or when the issue occurred. Amazon DevOps Guru is also able to provide recommendations for remediation. When deployed in tandem with cascadeo.io, users can quickly set up and configure Amazon DevOps Guru and manage it along with their other cloud tools. Amazon DevOps Guru ingests data from Amazon CloudWatch, AWS Config, AWS CloudTrail, and AWS X-Ray, and Cascadeo.io offers customizable alert flows and integrations. For example, users can consolidate notifications to email, SMS, Slack, or other endpoints. “Companies often find themselves in different phases of public cloud deployments. While the goal is always to get to true, cloud-first IT transformation, cascadeo.io provides a single-view platform for IT operations teams across all infrastructure, from on-premises to hybrid, to multi-cloud. As clients undertake new projects or get to cloud maturity, with cascadeo.io they do not have to change their toolset, helping to accelerate adoption and keep KPIs consistent,” Baserman said. Garret Baserman, Senior Director, Cascadeo Cascadeo is available in AWS Marketplace and is qualified as an AWS Premier Tier Services partner, and in January of this year announced a Strategic Collaboration with Amazon Web Services (AWS). The customer base includes both private and publicly traded organizations across North America, with a focus on mid-sized and enterprise businesses. In 2021, Cascadeo was named to the Gartner Magic Quadrant for Public Cloud IT Transformation Services, Global 2021. About Cascadeo Cascadeo is an AWS Premier Tier Services and Managed Services Provider (MSP) that specializes in cloud migration, AIOps, machine learning, and data analytics. Through managed and professional services, Cascadeo helps organizations achieve IT transformation in the public cloud.

Read More

VWMARE CLOUD

Otava Achieves VMware Cloud Verified Status

Otava | April 27, 2021

ANN ARBOR, Mich., April 27, 2021 /PRNewswire/ -- Otava, a global leader in secure, compliant cloud solutions, today announced it has achieved VMware Cloud Verified status. The Cloud Verified designation indicates that a provider offers the complete VMware-based software defined data center infrastructure delivered as a service. VMware Cloud Verified partner services enable customers to achieve unmatched levels of consistency, performance and interoperability for both traditional or containerized enterprise applications and the confidence that the service is based on the most advanced VMware cloud technologies. "VMware's Cloud Verified designation validates the strength and depth of features and functionality in Otava's hybrid cloud portfolio. We're honored to be among the small handful of U.S. cloud providers to have achieved the designation," said Brad Cheedle, CEO, Otava. "Otava's hybrid cloud portfolio provides existing and new customers with a wide range of performance features and models - from private, to resource-pooled, to shared cloud - so they can precisely optimize every workload to its ideal cloud service. Unique to Otava, compliant cloud comes standard at no extra cost. Our exceptional team is laser focused on making complex cloud solutions easy for our customers by combining flexible, customizable offerings with our consultative and high touch support. This status highlights their dedication to excellence.” "Partners that are VMware Cloud Verified provide organizations with complete and advanced VMware Cloud technologies, along with interoperability across clouds for greater advantage for their customers' businesses," said Jim Aluotto, senior director, Cloud Provider Business, Americas Region, VMware. "Cloud Verified services delivered by VMware Cloud Providers can provide the efficiency, agility, and reliability inherent in cloud computing. We look forward to supporting Otava as it empowers organizations with a simple and flexible path to the cloud.” VMware's global network of more than 4,500 cloud providers leverage VMware's consistent cloud infrastructure to offer a wide array of services in over 120 countries, provide geographic and industry specialization, and help customers meet complex regulatory requirements. For information on how to become a Cloud Verified partner, please visit: https://www.vmware.com/partners/service-provider/vmware-cloud-verified-logo.html. About Otava Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava's global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. VMware, VMware Cloud, VMware Cloud Verified and VMware Cloud Provider are registered trademarks or trademarks of VMware, Inc. in the United States and other jurisdictions. Otava Contact Christy Kemp ckemp@dahliapr.com

Read More

Spotlight

In order for a business to survive, it needs to be innovative. Companies across all sectors are now having to respond to digital businesses that are not only disrupting their industry but also threatening their existence. Therefore, how organizations buy and use technology, such as IoT, Big Data and analytics, will play an essential part in making transformation a success. This report looks at how cloud and Infrastructure-as-a-Service can provide the foundations to help businesses build a successful, collaborative future.

Resources