Analysts at Allied Market Research report the global cloud services market, valued at $551.8 billion in 2021, is projected to hit $2.5 trillion by 2031. A growth rate that outpaces many industries.
But there’s a saying that trees growing too quickly often have the weakest wood. Has the cloud market grown too fast to be so weak to parasites?
The Snowflake cloud breach that affected Ticketmaster revealed flaws in what many consider a security staple: two-factor authentication (2FA).
The Snowflake breach – A wake-up call
In 2024, Snowflake, a Montana-based data platform, experienced a significant breach, which affected an estimated 165 organizations.
Investigations by Mandiant and Crowdstrike revealed that a North American hacking group, possibly with ties to Turkey, was behind the breach.
They used stolen credentials dating back to 2020, obtained through malware campaigns. These credentials remained valid due to inadequate security measures.
As a result, the hacker was able to bypass these security measures, including 2FA, using a custom-developed tool dubbed rapeflake.
Why 2FA falls short
For a while now, two-factor authentication (2FA) has been hailed as the holy grail of online security. However, like yesterday’s newspaper, it’s starting to show its age.
Why is this the case?
Several reasons! Sophisticated phishing attacks can now trick users into revealing their 2FA codes, and SIM-swapping attacks can intercept SMS-based 2FA.
Also, smart threat actors are using malware on devices that can capture and transmit 2FA tokens to attackers, and social engineering tactics can manipulate users or support staff into bypassing 2FA.
In the Snowflake hack, attackers exploited weak 2FA implementation by acquiring stolen credentials through phishing and malware.
Many impacted accounts lacked MFA, and valid credentials were used years after being stolen, highlighting poor password update practices.
Another thing, a lack of network access control allowed unrestricted login attempts. The hackers developed custom tools to mimic legitimate logins, further complicating detection.
Advanced measures for robust cloud security
The security breaches at Kaseya, Facebook, Cognyte, Verizon, and Raychat underscore the urgent need for “pruning” and “weeding” of the fast-growing tree – the cloud industry.
And perhaps the right tool is to implement a multi-layered approach.
Verify the user
Modern authentication techniques go beyond just two-factor authentication. A combination of Multi-Factor Authentication (MFA), Behavioral Analytics, and Adaptive Authentication can offer a more robust defense.
- Multi-Factor Authentication (MFA): Incorporate additional layers such as biometrics, hardware tokens, or device certificates. These methods ensure that even if one authentication factor is compromised, unauthorized access is still difficult.
- Behavioral Analytics: Continuously monitor user behavior, analyzing patterns like typing speed, device usage, and geolocation. This helps detect anomalies, such as logins from unfamiliar locations or unusual access times, flagging suspicious activities in real time.
- Adaptive Authentication: Leverage context-aware systems to adjust security requirements based on factors such as location, device type, and access history. This approach reduces friction for trusted users while enforcing stricter security for risky scenarios.
These techniques work together to verify a user’s identity across multiple domains: what they know (password), what they have (device or token), and who they are (biometrics, usage patterns).
Secure the connection
Modern networking techniques such as Zero Trust Architecture strengthen security by ensuring that no user or device is trusted by default. This approach continuously authenticates and authorizes users and devices at every stage, regardless of whether they are inside or outside the network.
Additionally, monitoring devices for suspicious activity, such as unusual access patterns or configuration changes, adds an extra layer of security to prevent breaches before they escalate.
Secure the environment
Authentication and connection security mean little if the underlying infrastructure is vulnerable. Cloud environments should be regularly tested beyond surface-level configurations. Security audits should not only verify that systems comply but also conduct in-depth tests on internet-facing assets, minimizing exposure of sensitive information and services. This prevents attackers from exploiting overlooked or poorly configured areas.
Security teams and developers must move beyond trusting that their cloud setups are inherently secure. Continuous in-depth testing across application and infrastructure layers helps catch vulnerabilities that basic security measures or configuration checks might miss.
Future-proofing your cloud security
Educate your team
Regular security awareness training is essential to equip employees with the knowledge to recognize and respond to potential threats.
These training sessions should cover the latest phishing tactics, the importance of strong passwords, and the best practices for maintaining data security. An informed team is a critical line of defense against cyber threats.
Stay informed
Keep up with the latest security trends and emerging threats in the cloud computing space. Subscribe to cybersecurity news feeds, attend relevant conferences, and participate in professional networks. Staying informed allows you to anticipate and counter new threats before they become serious issues.
Invest in advanced tools
Consider adopting AI-powered security solutions that can predict and prevent sophisticated attacks. These tools use machine learning algorithms to analyze vast amounts of data and identify patterns indicative of potential security breaches. By integrating these advanced tools, you can enhance your ability to detect and mitigate threats proactively.
Collaborate with ethical hackers
Engage with cybersecurity firms that offer ethical hacking services to test and strengthen your defenses. Ethical hackers simulate cyber-attacks on your systems to uncover vulnerabilities before malicious actors can exploit them. This proactive approach helps you identify and address security gaps effectively.
Implement least privilege access
Ensure that users have only the minimum level of access necessary to perform their tasks. This principle of least privilege reduces the risk of unauthorized access and limits the potential damage if an account is compromised. Regularly review and adjust access levels based on users’ roles and responsibilities.
Encrypt Data at Rest and in Transit
Use robust encryption protocols to protect your data both when it’s stored and when it’s being transmitted. Encrypting data at rest ensures that it remains secure even if physical security measures fail. Encrypting data in transit protects it from interception and tampering during communication processes.
Develop an Incident Response Plan
Have a clear, tested strategy in place for responding to potential security breaches. Your incident response plan should include steps for identifying and containing a breach, notifying affected parties, and recovering from the incident. Regularly update and practice your plan to ensure your team can act swiftly and effectively in the event of a security breach.
Remember, cloud security is a tree that demands frequent care – it’s an ongoing process. So, regularly reassess your security measures, stay informed about emerging threats, and be prepared to adapt your strategies as the threat landscape evolves.
Author
Alex Wells, with a technical background and an MBA, is passionate about innovation and its impact on daily work life. She began her career in Vodafone’s cybersecurity portfolio, later advising other cyber companies, and currently addresses marketing challenges at Hadrian.
01
Dutch at Slush 2024: Meet the four 4TU startups who are fundraising at the world’s most founder-focused event