Cloud security breaches: Are you at risk?

Cloud security breaches can cost companies like yours in more ways than one – including damaged brand reputation and lost customers.

Here are some recent examples that happened to companies you’d expect to be invulnerable to cyberattacks:

• Yahoo. The hack started with a spear-phishing email sent to an employee and wasn’t reported until two years later. More than 3 billion customers were affected.
• LinkedIn. A data scraping breach resulted in information on 700 million users being posted to the dark web, setting the stage for a flood of social engineering attacks. The company refused to take responsibility and drew criticism for it.
• Facebook. A leak of user data – including names, phone numbers, locations, email addresses and other profile details – landed the social media company in big trouble with the feds and a $5 billion penalty. Although Facebook posted a report on its blog about the attack and the mitigation response, the company’s reputation took a hit.
• Marriott International. An investigation into a leak of personal information of more than a half-million guests found that Marriott inherited a compromised network when it acquired Starwood hotels (which included the Westin, Sheraton, St. Regis, and W chains). For some reason, Marriott continued to use Starwood’s outdated IT infrastructure, which may have been the cause of the breach. It served as an important lesson for any business involved in mergers and acquisitions.

Bottom line: if these well-known companies got hacked, it could happen to you.

Reducing risk of cloud security breaches

The more your company uses cloud devices and software, the more IT needs to evaluate their security and interconnectivity to prevent cloud security breaches.

You’ll also want to verify that any department using cloud-based software has been properly trained on using it securely.

Although it’s impossible to stop every cyberattack, your firm’s IT team could use some help defending the company’s assets, including:

• investments in up-to-date prevention and detection technology
• getting details from software vendors about what security precautions they have in place to deter breaches and similar threats
• cybersecurity insurance, and
• tools for recovering company data if it’s ever stolen or locked up by ransomware.

If you don’t already have one, you may want to consider creating a cyberattack disaster recovery plan, which should include a complete inventory of all IT assets and configurations that’s updated as devices are added, removed or changed.