Industries and organizations critical to the fight against Covid-19 have faced an upsurge in cyber attacks due to their rapid transition to cloud platforms.
When the world began to realize the global spread of Covid-19, organizations around the world suddenly found themselves unable to maintain their work habits.
Offices were closed, stay-at-home orders were imposed, and consumer demands often could only be met through deliveries, virtual services, and e-commerce platforms. As a result, large enterprises and SMBs began to move rapidly from on-premises systems to the cloud, in order to facilitate telecommuting models and seize new business opportunities.
Business cloud spending is estimated to have increased 28% in the second quarter of 2020 alone, compared to the previous year. However, according to Palo Alto Networks latest cloud threat report released on Tuesday, the cybersecurity firm believes moving workloads to the cloud also means businesses are struggling, months later, to manage. and automate cloud security.
Industries critical to the fight against Covid-19 have seen a notable increase in cloud-related security incidents. Retailing, manufacturing and government entities were hit the hardest, according to the report, with attack attempts for these categories increasing by 402%, 230% and 205% respectively during the pandemic.
Chemical makers and scientific and research organizations have, unsurprisingly, become key targets for attackers as a result of the outbreak. Notable examples include attacks on vaccine manufacturers and the European Medicines Agency (EMA).
A “lagging” security
According to the data and analyzes communicated by Unit 42, the most common safety problems in industries linked to Covid-19 are as follows:
“This trend is not surprising; these same industries were among those that faced the greatest pressures to adapt and grow in the face of the pandemic – retailers for basic necessities, and manufacturing industry and government for supplies and aid. facing Covid-19 ”, indicates unit 42.“ Although the cloud allows companies to rapidly expand their teleworking capabilities, the automated security controls around DevOps pipelines and continuous integration / continuous delivery (CI / CD) often lag behind in this rapid movement. “
However, not all industries are created equal, and some fare better than others in their attempts to secure their workloads in the cloud.
Some recommendations to mitigate the risks
Access logging controls, access key rotation, and version control in cloud storage containers – a way to track changes, implement them, and maintain cloud systems – are some of the methods that can be employed to enhance the security of these systems.
The team found, however, that publicly exposed cloud systems – which can leak personal data belonging to customers or employees as well as sensitive corporate data – continue to be a problem. The numbers are high: An estimated 30% of organizations that use cloud hosting services let some type of private content slip online, with access control issues blamed for such widespread exposure.
Unit 42 recommends that organizations focus on having good visibility into their workloads in the cloud, keeping an eye on storage configurations, and adopting and enforcing DevOps security standards. in order to mitigate the risks.