Best of 2020: Aussie corporate clouds under fire amid COVID-19 crisis
External attacks on Australian corporate cloud accounts have grown more than sevenfold since the COVID-19 crisis struck, research from McAfee indicates.
From January to April, external attacks on cloud accounts grew more than 630%, the research found.
This aligns closely with the up to 600% increase in usage of cloud-based collaboration services such as Cisco WebEx, Zoom, Microsoft Teams and Slack over the same period.
McAfee’s research found that most of the external attacks on cloud services during the period targeted collaboration services like Microsoft 365.
The company detected large-scale attempts to access cloud accounts with stolen credentials, with anomalous login attempts tripling since the start of the year.
Overall enterprise adoption of cloud services spiked by 50% as a result of increased remote working during state lockdowns. Even industries that typically rely on legacy on-premises applications, such as manufacturing and financial services, saw a marked increase in cloud usage.
This has introduced new security problems, with McAfee estimating that access to the cloud by unmanaged, personal devices doubled from January to April.
“Cybercriminals have wasted no time in taking advantage of the surge in cloud adoption to support working from home policies,” McAfee Regional Director of MVISION Cloud Asia Pacific Joel Camissar said.
“For many organisations, these policies are here to stay with almost half of the global workforce expected to work remotely post the pandemic. It is, therefore, a crucial time for Australian organisations to be prioritising cloud security.”
Gupta said it is important for enterprises to address the threat by deploying cloud-native security that can be managed remotely and can’t add any friction to employees working from home.
“Companies must [also] rethink how they cater to unmanaged devices connecting to their cloud services and set cloud policies that protect sensitive information from being stored on unmanaged devices. Finally, companies should be using a unified security platform that reduces complexity and delivers visibility and control over certified and shadow cloud services,” he said.
This article was first published on 29 May 2020
Accelerating the adoption of passkeys without compromising user experience
We need authentication methods that remove the human element from the equation, and that's...
Modern CISOs must throw out the traditional cybersecurity playbook
The primary imperative for today's CISOs should be to align the security agenda with business...
AI agents: securing the 'artificial workforce'
Just as they would with new employees, security teams will need to define access policies for...