More businesses now use the cloud to store their customers’ data. As with all new technologies though, hackers will look to exploit any security vulnerabilities they can find. Furthermore, a number of high profile attacks have taken place against cloud storage systems in recent years.
In this article, Head of Operations at payment gateway and merchant services provider Total Processing, David Midgley, examines why businesses have moved to cloud storage options, why cloud storage has been vulnerable to attack and how to make cloud storage more secure going forward.
Growing internet penetration and affordable data packs have meant consumer-focused businesses have boomed in the last ten years.
For example, all of the big supermarkets now let you order your groceries online and websites exist that can be used to order a takeaway, while Amazon can now be used to order almost anything! Most of these services now also have apps to make such transactions even easier for the consumer too. Due to these innovations, consumers are now increasingly comfortable making financial transactions on the web. I’d even go so far as to argue that consumers have now come to expect the ease and convenience of making financial transactions in this way. However, the public should be wary of handing over their financial details so easily.
A lot of businesses have embraced cloud storage options in recent years to store their data, including sensitive customer data. However, some businesses don’t seem to understand the potential hazards of using such a method for storing customer data.
While the cloud has opened up new frontiers, it’s also opened up a new world of security concerns; malicious parties, such as hackers, now have even more avenues with which to try and access people’s personal information. As businesses begin to use the cloud more and more, there is more data to target too. More arenas for hackers to search for security weaknesses plus more data to target adds up to an increasing number of opportunities for hackers to gain access to the sort of information none of us want them anywhere near.
Therefore, it is vitally important that businesses processing and storing customer information do their utmost to ensure it is secure and safe from those with sinister motives.
However, this unfortunately is not always the case. Many businesses neglect Payment Card Industry (PCI) security standards, which can lead to problems down the line. Furthermore, as many as 70% of businesses neglect implementing a rigid IT security plan and don’t maintain a reasonable level of security practice & procedure. I find this very worrying as someone working in the fintech sector given that more and more people are making transactions online.
When considering cloud storage systems, these concerns have a lot of validity as it has to be remembered that the last couple of years have seen a number of high profile attacks against cloud storage systems. For example, Apple’s iCloud platform was famously attacked in 2014 in a large data breach that compromised the personal photographs of many high-profile celebrities. In turn, this caused both Apple and the celebrities a lot of distress and subjected them to unwanted media attention. Furthermore, in July 2015, a group calling themselves The Impact Team claimed to have stolen the personal details of all 37 million users of the extra-marital dating site Ashley Madison from their cloud-based servers. The next month, The Impact Team then used BitTorrent and the darknet browser Tor to execute two large dumps of data into the public domain. In turn, this led to a number of those whose details had been published during the data dumps being targeted by extortionists for large sums of money.
On both occasions, it appears that the hackers were able to access all of the information being stored on Apple’s iCloud server and Ashley Madison’s cloud server following a single hack too. Regardless of what you think of the celebrities for being so silly as to store such intimate photos on Apple’s central server rather than a private hard drive or what you may think of the users of Ashley Madison, there are real consequences when companies’ data storage systems are compromised and these consequences can have a terrible effect on the lives of those affected. Furthermore, everyone affected had a reasonable expectation of privacy and also that their personal photographs or personal information would remain secure on Apple and Ashley Madison’s servers too. Therefore, in addition to user data having been compromised, the trust their users had placed in Apple and Avid Life Media, the company behind AshleyMadison.com, has also been compromised. There may also have been consequences for Apple’s sales figures, as the sales of iPhones and iPads have declined in the last couple of years.
However, it should be remembered that hackers will attack wherever they can find a weak spot in a company’s security. Therefore, it may not necessarily be true to say that cloud storage alone has made businesses more vulnerable to hacking. Instead, it may be that the high-profile attacks that have taken place have put the spotlight onto cloud storage systems, thereby making them more of a target for hackers who now know that vulnerabilities exist with this new innovation.
Furthermore, hackers have been targeting long standing, established businesses. Therefore, such high-profile attacks against cloud systems, be it against Ashley Madison last summer, Sony in November 2014 or the attack against Yahoo that occurred just yesterday (Thursday 22 September 2016), may have taken place because these well-known companies have expanded into the cloud without the remediation, fixes, patches and robust security measures needed to secure such large data sets being in place yet.
Therefore, I’m sure we can all agree that online security needs to be a top priority for all businesses. The good news is that it really isn’t difficult. For starters, all companies, big or small, need to keep all their security software up to date. Furthermore, privacy and spam settings need to be rigid too, and finally, two-stage authentication like 2FA (2-Factor Authentication; Password and SMS) needs to be implemented in order to access confidential or sensitive information.
While some users may grumble about the necessity and extra time needed to complete a 2FA process, I’m sure they would understand and be appreciative of banks and eCommerce sites putting such rigid procedures in place given what the consequences can be.