Each new year brings with it a new set of challenges for businesses to overcome.
This is the case for law firms implementing or hoping to adopt cloud technologies. Cloud systems offer companies abundant opportunities to advance their capabilities and reach new heights; however, these systems come with their own inherent security risks as well.
As the technology continues to develop, so too does the need for law firms to protect themselves from malicious actors and other lapses in cloud safety. Here are some of the top cloud security concerns companies should be prepared for in 2018.
Where is cyber security accountability?
“Ransomware damages for 2017 are expected to surpass $5 billion.”
Companies adopting the cloud often think that the responsibilities of data protection fall to the provider when in reality this job belongs to the customer using the provided cloud system.
“We are in a cloud security transition period in which focus is shifting from the provider to the customer,” said, Jay Heiser, vice president and cloud security lead at Gartner, Inc., to cybersecurity publication CSO Online. “Enterprises are learning that huge amounts of time spent trying to figure out if any particular cloud service provider is ‘secure’ or not has virtually no payback.”
Cloud providers are generally not required to protect customer information or workloads in manners that exceed the terms of the service level agreement. Meaning anything not covered within the agreement is left to the customer to safeguard.
Companies should study their provider’s shared responsibility model to determine what additional protections they may need to employ.
Ransomware attacks on business
Ransomware is a type of malware that when activated, locks the affected computer or system’s files with a powerful encryption. The ransomers then demand the victim pay a fee to decrypt their data or lose if permanently. According to the MIT Technology Review, companies often pay the ransom, especially if the inaccessible data was not backed up. Cases of the malicious attack have been growing over recent years.
“In 2016, an average of 40 percent of spam emails contained malware links to ransomware, an increase of 6,000 percent over 2015, when less than one percent contained ransomware,” said Marc van Zadelhoff, general manager for IBM Security, to Cyber Security Ventures.
Ransomware damages for 2017 are expected to surpass $5 billion. MIT Technology Review stated smaller companies could be a big target in 2018 because even a modest compromise of data could potentially lead to a significant payout for hackers.
“Ransomware doesn’t discriminate” said Robert Herjavec, founder and CEO of Herjavec Group, an international information security and advisory firm, to Cyber Security Ventures. “Hackers aren’t just after financial information anymore, it’s personal. We’ve seen movies held captive, healthcare data, financial data. Data is being used as a weapon.”
Law firms host particularly sensitive data, so extreme care should be taken to ensure it’s safe from exploitation. Companies can protect themselves from ransomware by training employees on malware detection, implementing efficient anti-malware protections and undergoing frequent data backups.
Application programming interface weaknesses
Based on a report from the Cloud Security Alliance, CSO stated vulnerabilities within a company’s application programming interfaces, or APIs, can expose them to a potential data breach or cyberattack.
APIs are services that can connect cloud service provider functions with that of the company. A business may use an API to manage, provision and protect data, then transmit chunks of information to the cloud service’s storage banks. Human errors such as the mismanagement of API configurations, access by unqualified or unauthorized staff and failure to encrypt data are all possible through a faulty interface.
If flaws exist in the API it can put the security of the overall cloud platform at risk, thus making the two systems heavily dependent on one another.
API inefficiencies can be avoided with persistent management from developers and operations teams. Vulnerability scans, reporting, patching and configurations enforcement can all keep company APIs secure and prevent susceptibility to unwanted action.
Afinety has been helping law firm succeed for many years. The Afinety Cloud Platform utilizes Amazon Web Services, one of the world’s most used and adaptable cloud systems. Contact us today for more information.