The UK’s National Cyber Security Centre (NCSC) recently released its cyber incident trends report for the period between October 2018 and April 2019. The report covers five main cyber attack trends seen in the UK – (1) attacks on Office 365 deployments (and cloud services in general), (2) ransomware, (3) phishing, (4) vulnerability scanning, and (5) supply-chain attacks. “All the incident types noted have resulted in compromises within the UK, some significant in nature,” it says.
Service and Deployment Models, Challenges and Security Principles
Most businesses think of cloud services as being either less secure than on-site services because they expose sensitive data to a wider range of possible attacks or breaches, or more secure because “everything” is taken care of by the cloud provider. The fact, however, is that cloud computing comes with security challenges that are different from but not necessarily more or less serious than what a business would face in an on-premises environment. Whatever security issues there are in the cloud model are due more to users’ inability to adapt quickly to the new threat environment and address security needs specific to the cloud than to any inherent weaknesses and security loopholes in the model itself. In most cases, the learning curve that organizations need to go through before attaining a secure state on the cloud is a bigger challenge than developing technology to address security concerns.
The SANS Institute released a new cloud security report recently based on a survey of several hundred companies across the US, Asia, Europe, and Canada. The companies surveyed ranged from the small (under 1000 employees) to the very large (over 50000 employees) and represented a variety of industries including 32 percent from the technology sector and 11 percent from the finance sector.
EthicalHat partners with CISOs to help them achieve their security goals in alignment with their business goals. We support companies of varying sizes by developing custom security solutions, well-suited for their environments and needs.
We are a group of highly motivated security engineers who see the online security challenges as opportunities to help diverse business models achieve their security objectives. Information security is not our career – it is our passion.