News

Security in the Cloud: Black Hat vs White Hat Hacking

Tue, 10/05/2016 - 07:54
Cloud Storage

Large cloud storage providers that pride themselves in the security of their cloud storage services (Amazon Web Services, Microsoft Azure, Google Cloud and Dropbox – to name the big guns) have only marginally changed the way individuals and companies manage their data. Only 10% of the world’s data is stored in the cloud! Which begs the question, why are companies, and individuals, hesitant to store “sensitive data” in the cloud?

With recent news of major data security breaches it’s hard not to doubt the security that cloud storage service providers promise to deliver in their security policies. Apple’s cloud storage component iCloud states in their Privacy Policy, “Security and privacy are fundamental to the design of all our hardware, software, and services, including iCloud.” However, they had to learn the hard way in 2014 when a security issue in the iCloud API enabled “Black Hat” (malicious) hackers to take advantage of the weak spot which allowed them to make unlimited guesses to passwords of iCloud users. The result was a leak of almost 500 private photos of various celebrities.

Four motivators for cloud storage hacks (to name a few)

1.      Political reasons:  the Chinese Military being accused of being linked to cyber-attacks in the USA; or the case of Edward Snowden.

2.      Controversial information leakage: (also known as “naming and shaming”): the Ashley Madison Hack; or the recent case of the Panama Papers.

3.      Monetary gain: Gaining access to credit card and banking details for personal financial gain, or reselling information on the dark web. Examples like the Cardsystems Solutions Inc incident or the Sony Online Entertainment network come to mind.

4.      Boredom or malicious vandalism: the Sesame Street YouTube channel disaster whereby Sesame Street's YouTube channel has been taken offline after hackers uploaded several pornographic videos to it.

There will always be a weak link…

When one starts looking at the relationship between online security and cloud storage, the bottom line is that at some point every company will experience a security breach to their data stored online. The trick is as to how you prevent it, and if beyond the point of prevention, manage the damage (from the perspective of a cloud storage service provider). Managing cloud security controls is an ongoing practice. In a previous article we have outlined what is important to look for when it comes to data security and protection to try and mitigate the weak links in said security controls.

If you can’t beat them, join them!

A creative and proactive way for cloud storage providers to ensure data security is to actually employ ethical hackers, or to invest in hacker training for their software developers. “White Hat” hackers are ethical hackers who specialise in “penetration testing” and other forms of testing for vulnerabilities in cloud storage software and other Internet technologies. (The “FBI Apple encryption dispute” is an interesting topic for discussion regarding this.) If you want to prevent cyber-crime and protect your cloud storage as a company, you might need to enter the mind of a cyber-criminal in order to pre-empt and minimise security breaches.

As a customer, when you do choose cloud storage, make sure you have vetted your choice of provider properly in order to ensure the security of your data is up to standard.

Recent Articles

Redstor_Ransomware_Typewriters_blog Ransomware

Latest Ransomware Attacks Leave Organisation Working On Typewriters

Ransomware is a threat to all organisations and has been prevalent for a number of years. Although recent reports suggest that organisations are no... read more

August 09, 2018
Redstor_Reddit_blog Ransomware

Two-factor Becomes Hack-factor In Reddit Attack

The last few years have seen a number of high profile hacks, each growing in complexity and affecting masses of people. Strains of ransomware have... read more

August 07, 2018
Redstor_Dixons_super-breach_blog Disaster Recovery

Dixons Breach Becomes Super-breach Following Review

Earlier this year high street electronics firm Dixons Carphone revealed that a data breach had occurred the previous year, effecting over 1 million... read more

August 02, 2018