No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Risk

The 5 Worst Threats to Enterprise Cloud Security

by Kamesh Ganeson
December 15, 2015
in Risk
finserv whatsapp

As more companies and large corporations move their business operations to the cloud, increased awareness for tighter security is gaining traction as well.  Organizations such as the Cloud Security Alliance (CSA) have been leading the path toward a more secure cloud computing environment for enterprises.

Large multinational tech companies have ramped up their security service offerings, as in the case of IBM: in 2014, they introduced the Dynamic Cloud Security portfolio, which is expected to solve cloud security concerns related to access control, data protection and increased visibility.

But unless users remain vigilant in taking the necessary steps to secure their networks, hacking and other cybersecurity threats are a very real concern.  Here’s a list of the worst threats to cybersecurity and some of the countermeasures you can implement to avoid them.

Data Loss

Data loss may happen in several ways, one of them being when a disk drive is damaged and dies as a result.  Without a backup, it’s harder to retrieve the drive’s contents. Another way it can happen is when the key to unlocking encrypted data is lost.  The worst kinds are those that take place because of an intentional attack, where hackers and malicious elements force their way into the cloud to erase valuable and confidential enterprise data.  To prevent the negative consequences of data loss, never forget to backup your cloud data. It’s a simple and effective solution that can easily be implemented right away.

Breach of Data

If a data loss can occur due to simple negligence or the built-in obsolescence of certain gadgets, the cause of data breaches are a lot less innocent. In most cases, a data breach happens as a result of a malicious or intrusive intent.  Some of the most high-profile cases occurred in recent years. During the 2013 holiday season, Target was the victim of a massive series of data thefts that resulted in the exposure of up to 40 million credit and debit cards to fraud, with up to 110 million individuals affected.  Other cases include those that occurred with the world’s largest home improvement retailer, The Home Depot, financial giant JPMorgan Chase and even one of the most powerful governments in the world, the White House.

To prevent a data breach, invest in data encryption tools. Some are even free, such as Bitlocker, FileVault, DiskCryptor and AES Crypt. And also, never forget or lose your data encryption key.

Account Hijacking

Account or service traffic hijacking is a type of identity theft where data collected from a computing device or cloud enterprise is stolen and used for unauthorized activities—often with malicious intent.  A hacker who illegally gains access to accounts can use the data on the cloud, often with dire consequences. Examples include phishing, buffer overflow attacks and loss of passwords and other sensitive or confidential data, where the owner or enterprise loses control over the account—in the worst case scenarios.

Hackers can manipulate data, damage a business’s reputation and cause disruption to normal day-to-day operations for an enterprise that falls victim to account hijacking.  Large corporations such as online retailer Amazon, as well as the websites of government agencies such as the U.S. Department of Transportation and NASA have had their online platforms compromised.

The best defense strategies against account or service traffic hijacking are easy and straightforward: never share account credentials or passwords with anyone, including business partners or colleagues, implement a strong two-factor authentication technique and update passwords on a regular basis.

Distributed Denial-of-Service (DDoS) Attack

A DDoS attack happens when multiple systems flood the bandwidth of a target system or web servers of an enterprise—the result of several compromised systems flooding the targeted system with traffic.  DDoS attacks are considered to be old disruptors of online business operations, and thus, mostly manageable. But, hackers in recent years have adopted increasingly sophisticated ways of managing an attack. This has made it harder to trace bad users from legitimate ones. In 2013, it was reported that the number of attacks rose by as much as 50 percent.

DDoS attacks may impair a customer’s cloud service, and when this occurs, the customer is billed for by the cloud provider for the resources consumed during the attack.  When this type of attack is not detected and not taken down in time, it can prove to be too costly to continue operations, potentially resulting in the disruption of normal business operations.

The best defense against this threat is hiring the services of top DDoS protection service providers. Because of its complexity, it’s recommended to have a team of experts to provide guidance as to the best preventive measures to mitigate threats. A few reputable providers include Incapsula Enterprise, F5 Silverline DDoS Protection and Arbor Cloud.

Insufficient Due Diligence

Insufficient due diligence sadly takes place far too often in most business enterprises, resulting in insecure IT systems and unprotected data infrastructures that make them more vulnerable to attack.  There are many benefits to using the cloud, but businesses must have a clear understanding of what it takes to keep data safe and secure. Ideally, enterprises must always remember to involve the IT team before introducing any cloud computing initiatives to the organization.

It is best to hire a team of IT experts, ideally those who have undergone formal training such as the cloud technology associate certification course. This team should be headed by a CISO to overlook cloud security matters.  Having these experts on board will guide an enterprise in such matters as the correct incident response, encryption use and how to monitor the IT infrastructure.

As a final note, it is important to take the necessary measures to ensure that the IT infrastructure of an enterprise remains secure from any cyber attacks.  Having a team of experts to take charge of enterprise IT security will give organizations a better chance of avoiding the negative effects, which are possible results of one or all of the abovementioned security threats in the cloud.


Previous Post

EY Identifies Top Fraud and Corruption Trends for 2016

Next Post

A Practical Approach to Supply Chain Risk

Kamesh Ganeson

Kamesh Ganeson

December 15 - Kamesh Gameson headshotKamesh Ganeson is one of the most sought-after speakers and consultants with expertise in and experience spanning 25 years in quality management, enterprise risk management, business continuity and disaster recovery, information security, strategic business planning, IT service management, IT governance, crisis communication and corporate sustainability management. With considerable experience across multiple industries, he takes great pleasure in sharing knowledge, accruing value and providing practical solutions to clients that he works with. He is currently the Director for Delivery and Project Management at ECC International (ECCI) APEX Global Learning.

Related Posts

Fox_DOJ Speeches_f

Analysis of Recent DOJ Statements

by Corporate Compliance Insights
March 23, 2023

DOJ leaders provide insight into agency's plans. Analysis of Recent Statements DOJ Shaping the Future of Corporate Criminal Enforcement What’s...

Fox_2023 ECCP Update_f

2023 Evaluation of Corporate Compliance Programs

by Corporate Compliance Insights
March 23, 2023

Keeping up with 2023 changes to DOJ guidelines. Additions, Deletions & Changes From 2020 2023 Evaluation of Corporate Compliance Programs...

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

Next Post

A Practical Approach to Supply Chain Risk

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT