Whether it’s from your financial advisor after an investment in an artisanal marshmallow company, your friends after a Tinder date with someone who goes by the username iown7cats, or your parents after literally anything you’ve ever done in your life, no one likes to hear the words you should’ve known better.
You know what, though? Those words sting so bad because they are so often true. Take, for instance, the major organizations still falling victim to cyberattacks in 2018. These are some of the most widely publicized, well-known assaults in all of the internet…and organizations all over the world are still getting rocked by them every single day.
You can’t spend more than four seconds browsing cybersecurity headlines without stumbling over a screecher about a newly discovered type of DDoS attack, the uptick in professional DDoS attackers, the still-popular DDoS for hire services, or the latest record-breaking DDoS assault. Yes,DDoS attacks have been large and in charge on the internet for over a decade, and in the last few years have reached epidemic status.
That said, these attacks can be stopped. Leading cloud-based DDoS mitigation can handle everything from the most sophisticated application layer attack to the biggest network layer attack to the brand new attack type cooked up by the pros without allowing a single moment of downtime.
That said, many of these attacks are not being stopped. Financial institutions, online gaming platforms, cryptocurrency exchanges, ecommerce sites, government portals and more are buckling in the face of these attacks every single day leading to lost revenue, outrage on social media and lost customer loyalty. Unfortunate, but at this point? Understandable.
When the WannaCry ransomware crept across the globe in May of 2017, locking up the over 200,000 computers including those of enterprises and other major organizations, the world took notice. After all, organizations like FedEx, Nissan, Telefonica and Britain’s National Health Service had their files locked up and their computers rendered unusable.
Apparently, however, the world didn’t take quite enough notice, because when the Petya ransomware attack spread across the globe over a month later it became what a statement from the White House referred to as the most costly cyberattack in history, one that once again locked up the computers of organizations like FedEx, Nissan, Telefonica and Britain’s National Health Service.
Ransomware has been identified as an attack to watch for in 2018 by all kinds of security researchers and experts, and with the inescapable press those massive attacks received, there simply can’t be any organizations that can legitimately claim ignorance of this risk. Even so, the stunning ransomware attacks have continued, with the city of Atlanta being held hostage for over five days.
Successful ransomware attacks are ultra-frustrating, not only because they’re so well-known but because many attacks take advantage of known vulnerabilities for which patches have been issued. Even attacks that take advantage of zero day threats can be stopped with a leading web application firewall that has virtual patching.
Cloud security misconfigurations
Hard to swallow though they may be, at least DDoS and ransomware attacks tend to have criminal masterminds behind them. Cloud security misconfigurations, on the other hand, are just big fat mistakes organizations make, leading to all kinds of sensitive data accidentally being exposed and administrative accounts being compromised. This is happening frequently, too. Like 50% of organizations accidentally exposing data to the public in their cloud storage services kind of frequently. Like 40% of organizations having administrative user accounts compromised frequently.
It’s unclear if this is happening at such a high rate because these organizations are assuming their cloud provider has security handled, because the migration to the cloud was rushed, or because organizations just aren’t being careful enough with their new computing technology. Likely all of the above. What truly matters is that millions upon millions of people have had their confidential information exposed because of someone’s simple goof – let’s not forget the 198 million US voters whose personal information went public because a firm working on behalf of the Republican National Committee had an incorrect cloud security setting.
Cloud computing is tremendous technology that represents huge benefits for many organizations, but those organizations need to start taking its security a lot more seriously. Starting with a web application firewall to shore up security is a good start, as is multi-factor authentication to prevent credential compromise. We can’t keep having cheesy headlines about storm clouds, people.
There you have it. With a few simple but essential considerations, you might never have to hear that you should’ve known better ever again. Don’t leave your websites and online services unprotected against one of the most popular forms of cyberattack. Don’t leave vulnerabilities vulnerable and find your entire company’s files locked up by a Russian hacker. Don’t assume someone is taking care of your cloud security unless it’s an IT employee who has expressly told you he or she is taking care of your cloud security. And don’t go on a date with iown7cats unless your username is iown8cats. Simple, but essential.