Cloud security: Navigating the threat landscape during Covid-19 and beyond

Cloud security is a growing challenge as financial firms accelerate digital transformation projects during the pandemic, says William Taylor, Cloud Security Architect at 324 Consultancy.

Covid-19 has created a surge in digital transformation projects, including the move to cloud. According to the Cloud Security Alliance, 62% of businesses have moved to multi-cloud setups and this trend is continuing into 2021.

Yet while cloud boosts efficiency and cuts costs, it also creates a security challenge by opening up another vector through which to attack financial firms. It is not surprising that following the SolarWinds breach in 2020, nation state adversaries targeted cloud services as a key objective.

As cloud migrations continue to ramp up during Covid-19 and beyond, there is an urgent need for security tools and strategies to manage the growing risk. But while many financial firms have already started to address this, all too often the controls in place to manage security are not up to the task. Adding to this is a lack of skilled workers with cloud-specific experience.

As cyber-attacks increase, financial firms know cloud security is critical, and failure to fulfil their cyber obligations can result in serious consequences. So, what are the specific risks to financial firms and how can they ensure a secure cloud as deployments accelerate?

Cloud security in the financial sector

Threat actors targeting the financial sector span multiple vectors. As well as organised crime groups looking to make money, the industry is at risk from attacks by nation state actors from countries including Russia and North Korea, who know just how disruptive and lucrative a financial sector cyber-assault can be.

Take the example of North Korean hacker collective the Lazarus Group, whose aim is to raise revenue for the country’s financially-isolated government.

Adversaries can target financial firms’ cloud in multiple ways, for example via insecure APIs. Analyst firm Gartner predicts API-related abuses will become the most common attack vector by 2022.

Some financial firms are more at risk from attack than others. Nimble cloud-first start-ups that have built in security from the start are in a better position to address risk. But for larger organisations, the challenge can be more significant.

This is partly because bigger companies tend to have a lot of on-premises technology, which can also be heavily tied into software-as-a-service (SaaS) solutions. Adding to the complexity, these firms often lack the skilled personnel they need to mitigate the cloud security risk.

Cloud security can also be a challenge for small to medium-sized financial organisations. As the pandemic has forced companies to accelerate to cloud, many smaller businesses have prioritised shifting services over as quickly as possible – at the expense of security.

But even those financial firms that have baked in security from the start using best-of-breed tools can find cloud security challenging. These tools collect data, including day-to-day events taking place in the network that can be indicative of a cyber-attack, but the vast amounts of information being produced make it difficult to filter out the noise and find useful insights.

Resolving the cloud security challenge

Resolving the cloud security challenge requires an approach combining technology and people. Overall, visibility is key and tools such as cloud security information and event management (SIEM) solutions – which collect, store and analyse security data from across the organisation to alert IT admins to signs of attack – can help.

Cloud-based SIEM solutions, such as Microsoft’s Azure Sentinel, monitor both on-premises and cloud environments, often leveraging AI and machine learning. As well as adding visibility for the security team, these solutions integrate with threat intelligence feeds so financial firms can more easily assess their risk at any given time.

As well as SIEM tools combined with AI-automated response, other solutions such as compliance tools and vulnerability management can help. Mobile device management (MDM) is also important as the workforce continues to work from home now and, at least, for the near future.

In addition to using the right tools, financial firms need to take care to avoid making common mistakes. For example, an important part of cloud security is knowing your obligations. The big cloud providers – Amazon, Microsoft and Google – offer security, but if you are breached, the onus is on you, not the provider.

This is especially relevant in the context of regulation such as the EU Update to Data Protection Regulation (GDPR) and Payment Card Industry Data Security Standard (PCI DSS), which raise the stakes much higher if financial firms are breached.

Over the last few years, financial organisations have been vigilant about their obligations such as patching and vulnerability management. When mistakes do creep in, it’s not usually through malice but gaps in projects, or a misunderstanding of requirements.

A strong cloud security strategy

Taking this into account, it’s essential that cloud security tools are backed up by a strong strategy. Even though the technology landscape is transforming, the security principles are the same as ever, including defence-in-depth. Indeed, layers of defence are critical for fail-safe design and to increase the time attackers need to acquire a target.

Events can be monitored using a SIEM solution, but it’s important not to ignore the human element. It might make sense to employ an external specialist to help understand the business needs and map these to an appropriate security framework. Once you have a successful design, it can be deployed via automation while ensuring that what you deploy matches what was designed and doesn’t drift over time.

The security landscape is increasingly complex, and attackers are becoming more sophisticated. The start of the new decade in 2020 was a big bang, with the pandemic pushing things to the extreme. This decade will see phenomenal technological change and adoption, and the effort required to keep pace with security threats will increase. We are in an ever-evolving cycle of trying to anticipate and mitigate the next attack.

But while Covid-19 has accelerated cloud adoption and, with that, added risk, it has also raised the importance of cyber security in people’s minds. More financial services firms are operating with a security-based mindset, and that can only be a good thing.
