7.1 Description of ThreatUsing the cloud to manage data and applications has brought in many benefits to the organizations. While this is a good thing, it has also introduced a new concern which is opening opportunities for hackers to hijack organization’s data for better monetary rewards. While data are managed by the cloud, it means that the data is no longer absolutely safe as they are stored in the cloud instead of organization. Compromised account credentials are also another root cause of this threat due to weak passwords and the lack of good system to detect abnormal activities by the users.
With credentials, hackers can do things like hijacking of user’s sensitive data and also spread malware to the rest of users which can cause even more users to be a victim of this threat.Cloud threats can bring in consequences that has a serious impact on organizations and customers. For example, there will be a potential loss of data such as sensitive customer data which can affect organization’s reputation in a bad way. Another example would be suffering downtime in the cloud as applications or services are not available to the users.
A short downtime is enough to bring losses to the organization and will surely affect organization’s business in a bad way.7.2 Nature of ThreatCloud threats come in a variety of ways, depending on how the attacker chooses to attack.
Attackers may do a DDoS attack to the organization in order to disrupt users from accessing the services or applications by exploiting vulnerabilities in the cloud implementation to deplete all of the target’s resources in the cloud. This can cause a serious impact to the organization’s business due to inaccessibility to the services or applications.Attackers can also do a ransomware attack by gaining access to a cloud service provider and spread the malware to the rest of users by sharing infected files through platforms like email. When users click on the infected files through email, they will become a victim of ransomware attack and might even cause their whole company to be affected by ransomware attack if that user opened the email in company’s network.When companies become a victim of cloud threat, it will have a serious impact on their businesses and reputation especially if their sensitive customer data is lost or leaked.Cloud service providers will suffer losses should they become a victim of cloud threat and their customers will lose confidence on their service.
Their reputation that is built throughout the years may be tarnished in just one cloud attack which is why they must stay vigilant and be aware of this threat.When cloud consumers credentials are compromised, the attackers can leverage their account credentials to spread malware to the rest of the cloud consumers in the cloud and can cause even more consumers to be a victim of cloud threat.7.3 Mitigation of ThreatEven though the threat may have affected many people, it can still be mitigated in simple ways. Firstly, if you receive email with attachments or links, delete it immediately and don’t even open it unless it is from a trusted source that you know. Secondly, Always update the software you use regularly as those updates include patches for newly discovered malware and vulnerabilities. Thirdly, make sure that the cloud service you use regularly backs up your files to ensure you can recover them in case you become a victim of ransomware.
It is also important to conduct security training for staff and educate them with the necessary cybersecurity knowledge to help mitigate the cloud threat.In the future, advanced technologies can help to protect both cloud providers and their customers. For example, using multi-factor authentication can help to increase the cloud security level and prevent unauthorized access to the cloud services. Using Behavioural analytics can also help to detect unusual patterns and activities in accounts and system administrators may take necessary steps to mitigate the threat.