June 19, 2012
While data breaches are still largely hitting legacy systems, many experts believe the first wave of attacks to truly challenge cloud security could be underway sooner rather than later, according to CIO. For now, hackers are instead turning to the technology as a resource for, not a target of, their attacks.
"Everything the cloud offers to legitimate businesses, it offers to criminals as well," a intelligence specialist told CIO. "It's becoming common for cyber-criminals to rent cloud infrastructure to set up spambots or to build out a malware command-and-control infrastructure. At $50 or $60 a month, attackers can take advantage of resources that a few years ago would be too difficult and too expensive to build on their own."
Just because the cloud is acting as a friend to cybercriminals at the moment doesn't meant hackers won't soon target it more often. Even as cloud data protection has held up admirably in the face of many experts' fears, the growing number of enterprises migrating over makes it incredibly attractive.
"The cloud is already a tempting target," the vice president of research for a cloud security testing company told CIO. "Data is centralized and you can target one provider to attack multiple companies."
Currently, companies are hesitant to keep sensitive data in their clouds. A study from the Computing Technology Industry Association (CompTIA) found that 58 percent of companies will not put confidential corporate financial information in the cloud. Nearly as many organizations (56 percent) do not keep credit card data in the cloud, and 48 percent will not keep confidential intellectual property or trade secrets in the cloud.
Despite this, the overall state of data security in the cloud is not a concern. Eighty-five percent of those surveyed by CompTIA are confident that their provider offers a secure cloud computing environment.
Legacy of success
With so many companies restraining from moving the most sensitive data into the cloud, it makes sense why many hackers are resistant to attack the blossoming infrastructure. Instead, cybercriminals can keep their attentions focused on legacy systems, an arena where they can not only access the most valuable information, but one where they have had success in the past.
"Cybercriminals aren't going to spend a lot of time to come up with a new zero-day attack if they can just use the same old SQL injection attacks that have worked for years," the VP of research told CIO.
-McAfee Cloud Security