Physical storage systems have inevitably helped to preserve useful data for future use and reference.
In many ways, the physical storage system is not considered too safe for data keeping because it is susceptible to physical damage, which causes a major loss of important documents. Also, the fear of theft has made most tech-savvy individuals embrace the cloud storage system of data keeping, and the convenience of accessing information anywhere in the world with just a few clicks.
However, with the increasing data insecurity in cloud storage, users who may have preferred cloud data storage as their primary storage may be at a dilemma as to which storage type is safer. Experts at Kaspersky’s security services warn major users of cloud storage on the current cyber threats this year.
Kaspersky’s Prediction
According to Kaspersky, the cybersecurity of corporations and agencies has become more important than it was, and the year 2023 would not be different. The Digital Footprint Intelligence (DFL) and, Digital Forensics and Incident Response (DFLF) teams at Kaspersky predicts, announcing via the yearly Kaspersky security bulletin that;
More personal data and corporate email at risk – This year, more personal data and corporate email is at risk of cloud data theft. Following the trend, a high number of data leaks were recorded in 2022 on online platforms such as Medibank, Whatsapp and Uber. Also, 105 million records of Indonesian citizens data were stolen from the national database and priced at $5,000.
More media blackmail – More media blackmail resulting when large businesses with cloud storage systems would get hacked, and the data posted publicly. The number of hacked post increased from 2020 to 2022, from more than 3000 in ten months to over 5000 in a ten month period. 2023 may experience even more of this.
More fake hack news – More fake hack reports by cybercriminals is predicted this year. Fake hack report is used as a media manipulation tool to hurt businesses even when the hack is not true. Cybercriminals often employ this scheme to boast ego and influence.
Malware-as-a-service – Malware-as-a-service is an attacking strategy by deceiving web users into renting a malware tool, thereby creating room for ransomware attacks. Ransomware attack is predicted to increase in 2023.
Prior to now, data leakage has been a major challenge of cloud data storage. Since cloud computing technology delivers on-demand availability of electronic data without direct active control by the user, it is susceptible to attack if the cloud service provider is not on guard to safeguard customers’ data.
Who Does Cloud Data Theft Affect?
- Cloud service provider
- Corporations and agencies using the service
- The primary owners of data
How To Avoid Data Breach/Leakage
To minimize the chances of cloud data theft, data owners must use only trusted cloud services, ensuring that the GDPR policies and procedures offer a good guarantee.
How can data be hacked?
Abuse of insecure API – Abuse of insecure API’s (Application Programming Interfaces) by hackers so as to gain unauthorized access through phishing and changing key functions to raid a server.
Human error – Data theft can occur from human error, like indiscriminately sharing files or giving permission without any thorough check. For example, Amazon S3 cloud storage requires permission to make data accessible to the public; failing to restrict public access might expose data for public consumption.
Operational gaps – Cloud leaks are often an operational problem, and a lack of monitoring the privacy of the cloud data system can give access to hackers, especially if processes that govern data handling is unchecked.
The Way Out
The good news is that data leakage or theft can be avoided using cloud storage validation. Cloud storage validation is a system of test running a cloud storage system to check if it works as designed. This can help detect operational negligence or loopholes that could make it vulnerable to hackers.
Cloud service providers would need to validate internet-facing leak sources such as misconfigured GitHub repositories and susceptible sync servers. End-to-end validation is also crucial to guard against cloud data theft.
The big question is, how well do you trust your cloud data service provider? Have you read the GDPR policies and procedures?
Join the conversation; follow us on Facebook, Instagram, and Twitter at GoSpeedHub.
Photo By Starline
