By Dirk Schrader, resident CISO (EMEA) and VP of security research at Netwrix
As the adoption of cloud services has accelerated in recent years, more than half (53 percent) of organisations have experienced at least one cyber attack targeting their cloud infrastructure within the last 12 months, according to Netwrix’s 2022 Global Cloud Security Report. Cloud providers strive to prevent external cybersecurity threats from compromising their services and affecting customers. However, security in the cloud is a shared responsibility: organisations using these services must protect the critical data they store there.
Current trends within the cyber threat landscape
Findings from our Global Cloud Security Report revealed that 80 percent of organisations use the cloud to store sensitive information. In fact, on average, organisations already keep 41 percent of their workloads in the cloud and expect this to rise to 54 percent by the end of 2023. Of the data kept in the cloud, 44 percent of the organisations store employees’ personally identifiable information (PII), another 44 percent store customers’ PII, and 35 percent put corporate financial information into the cloud.
Businesses look to the cloud to help reduce costs (61 percent), improve security (53 percent), and enable remote work capabilities (45 percent).
Of all cloud security incidents that occurred within the last year, phishing (73 percent), account compromise (31 percent), and ransomware or other malware attacks (29 percent) were the three most common external threats reported by respondents. These figures have increased significantly since 2020 and are expected to continue to grow over time.
Most respondents identify external actors as the biggest threat to their cloud security. Attackers commonly target employees and internal users to increase their chances of success. Threat actors either steal an employee’s login credentials (username and password) or deceive an internal user into opening a malicious website link or email attachment to deploy an attack.
Second to external cyber threats, 39 percent of businesses deemed their internal employees as one of the biggest data security risks to their cloud infrastructure.
To keep their IT environments safe, organisations are already taking proactive measures. Of the companies surveyed, 58 percent have implemented employee cybersecurity training, 63 percent have backed up their cloud systems, and 69 percent have already implemented business-wide multi-factor authentication (MFA) solutions.
Almost half of the respondents (49 percent) say cybersecurity incidents resulted in unplanned expenses to fix cloud security gaps. Additionally, 25 percent of security incidents led to compliance fines, and 17 percent resulted in a decrease in company valuation.
What is ‘system hardening’ and how can organisations benefit from it?
One of the most effective ways for companies to secure their cloud-stored data is through system hardening. This process tightens a system’s configuration and settings with the aim of eliminating as many cybersecurity risks as possible. To prevent threat actors from gaining access, all unnecessary network connections, applications, account functions, access permissions, and ports must be removed from the IT environment.
The Center for Internet Security (CIS) Benchmarks are the most trusted free resource on how to configure a secure system in an on-premises environment. CIS also provides cloud-specific resources that security professionals and system administrators can use to harden their cloud instances. CIS-based hardening of virtual instances in the cloud lets businesses and their IT teams run simpler, more secure, and more cost-effective operations that remain compatible with the major computing services and platforms. However, it is equally important to proactively search for vulnerabilities and weaknesses across the whole security posture and to ensure that they are fixed correctly.
The most important benefit of system hardening is the reduction of an organisation’s attack surface, leaving attackers fewer points of entry into a network. System hardening also helps enterprises follow compliance mandates and cybersecurity regulations, which can increase their overall return on investment (ROI).
The system hardening process can also be extended to gold images of any operating system and of additional applications. However, before deploying such an image, organisations should determine during the customisation stage which additional security tools best suit their security architecture. Including them in the image and in the hardened baseline ensures that not only deviations from the operating system’s secure configuration but also any manipulation of the defenses in place can be detected and monitored throughout the system’s lifecycle.
System hardening in five steps
For organisations looking to store their critical data securely within the cloud, the process of system hardening can be difficult to navigate as there are countless methods to choose from. However, as recommended by cloud providers themselves, system hardening can be achieved in five steps:
- First, limit users’ access to the instances, both over the network and on the instances themselves, by running only the essential operating system (OS) applications and modules. In addition, enable the controls provided by host-based defense software.
- Next, reduce user privileges on each individual server to the minimum required.
- Then establish a secured rule set for server configuration settings, with each server monitored individually and compared against that defined baseline so that any deviation is identified and signalled. To record this data as securely as possible, configure each server to generate and retain the required audit logs using a normalised time stamp.
- Establish a documented process that describes how the server’s baseline configuration controls are to be adjusted.
- Lastly, audit all changes made to the access controls or other security-related controls of the cloud instances in use, and verify that the cloud orchestration is securely set up and managed. This ensures that only authorised changes are made and confirms the resiliency and reliability of those cloud instances.
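The baseline comparison in the third step can be expressed as a small drift check. The following is an added example, not code from the article or from Netwrix: a hardened baseline of configuration settings (constructed, in the style of CIS settings) is compared against what each server reports, every deviation is signalled, and the outcome is written as an audit record with a normalised UTC timestamp. The server reports are constructed sample data.

```python
import json
from datetime import datetime, timezone

# Hardened baseline (constructed, in the style of CIS settings): values
# every server must report, plus the only ports allowed to listen.
BASELINE = {"sshd.PermitRootLogin": "no", "sshd.PasswordAuthentication": "no",
            "kernel.randomize_va_space": "2", "mfa.required": "true"}
ALLOWED_PORTS = {22, 443}


def find_deviations(observed, baseline=BASELINE, allowed=ALLOWED_PORTS):
    """Return (setting, expected, actual) for every mismatch with the baseline.
    A missing setting counts as a deviation (actual is None), so an
    unconfigured control is never silently passed."""
    settings = observed.get("settings", {})
    deviations = [(k, v, settings.get(k)) for k, v in baseline.items()
                  if settings.get(k) != v]
    for port in sorted(set(observed.get("listening_ports", [])) - allowed):
        deviations.append(("listening_port", "closed", str(port)))
    return deviations


def audit_record(server, deviations, now=None):
    """One audit-log line with a normalised UTC ISO 8601 timestamp, so that
    records from different servers share a single time base."""
    now = now or datetime.now(timezone.utc)
    return json.dumps({"timestamp": now.isoformat(timespec="seconds"),
                       "server": server,
                       "compliant": not deviations,
                       "deviations": [{"setting": s, "expected": e, "actual": a}
                                      for s, e, a in deviations]},
                      sort_keys=True)


# Constructed sample reports: web-01 matches the baseline, web-02 drifted.
SERVERS = {
    "web-01": {"settings": dict(BASELINE), "listening_ports": [22, 443]},
    "web-02": {"settings": {"sshd.PermitRootLogin": "yes",
                            "sshd.PasswordAuthentication": "no",
                            "kernel.randomize_va_space": "2"},
               "listening_ports": [22, 443, 8080]},
}

if __name__ == "__main__":
    for name, observed in SERVERS.items():
        print(audit_record(name, find_deviations(observed)))
```

In practice the observed settings would be collected from each instance by a configuration-management or auditing agent, and the JSON lines shipped to a central log store for correlation.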
Organisations that are already taking measures to defend their cloud systems must continue to adapt their defense strategies as cyber threat trends continue to evolve. Only with an effective system hardening process can organisations successfully mitigate emerging cybersecurity risks faced by their cloud systems and ultimately secure their critical data to the highest standard possible.