Cloud computing has been a global trend in the past decade, and the adoption rate is growing rapidly, and there is no end in sight. As this shift continues, cloud services will dominate, as IT innovators produce more efficient, flexible, and faster products.A sort of forecast
Analyst company IDC estimates that by 2025, total global cloud service spending will reach 1.3 trillion US dollars.
As the COVID-19 pandemic forces organizations everywhere to speed up their efforts and make remote work and collaboration a regular part of doing business, digital transformation may happen faster than other methods. IT analysis company Gartner notes
“Simply put, the pandemic is a multiplier of CIO’s interest in the cloud.”
Therefore, the remote working model requires that the global IP network is always available, and that companies are required to protect their IT infrastructure and data assets from unauthorized access.However, a learn
A survey conducted by the insurance company Munich Re showed that although almost everyone in the corporate world claimed to be a fan of digitalization, 81% of C-level respondents doubted whether their organization has adequate protection against cyber threats.
Systemic risk
The use of cloud computing services is expanding, so it is not surprising that the number and complexity of cyber attacks are also increasing. To make matters worse, the global cloud market is essentially an oligopoly, with a small number of vendors dominating this field, causing systemic risks.
As organizations around the world move to the cloud, the impact of large-scale cloud failures keeps IT managers awake at night. If a major cloud service provider suffers continuous downtime, the damage to its customers and partners may cause catastrophic economic losses. To give an example of a non-digital disaster, fire OVH’s data center in Strasbourg, France was paralyzed, causing more than $120 million in losses, Affecting more than 65,000 customers and shutting down approximately 3.6 million websites worldwide.other Area of concern Located in the content delivery network space, the concentration of Internet traffic in the hands of a few large providers may cause widespread disruption.
Denial of service
There are multiple methods of attacking cloud service providers (CSP), some of which combine multiple attack techniques (for example, distributed denial of service or DDoS attacks, and malware and ransom requirements as good measures). As the name suggests, DDoS attacks are designed to Vulnerabilities that prevent users from using resources or systems are usually bombarded with excess traffic through botnets. This type of attack may cause a crash or error message that the server cannot run. The reasons for these attacks vary.High-profile DDoS attackers like Armada Collective have used this technique to blackmail banks and other institutions, but even ordinary hacker admirers can be as low as $1 per minute And cause serious damage online.
DDoS attacks are not new, but their complexity and scale continue to evolve.U.S. Department of Homeland Security (DHS) website state “In the past five years, the scale of attacks has increased tenfold. If the scale continues to expand, it is unclear whether the current network infrastructure can withstand future attacks.”
Usually, before a major attack, the attacker will launch a small-scale demonstration attack on the service of the target entity. Recently, attackers have begun to claim that they are affiliated with state-sponsored high-level persistent threat organizations, such as Fancy Bear and Lazarus, to strengthen their ransom demands. Refusal to pay is a gamble. Sometimes the promised large-scale attack will not happen, but the threat actor may follow up.As Report According to the BBC, the DDoS attack on the New Zealand Stock Exchange caused an outage that lasted several days.
Lost up to 15 billion U.S. dollars in a few days
The disadvantage of a large number of cloud applications is that the provider becomes a single point of failure. Although the losses associated with a CSP outage will vary and depend on the duration of the downtime, the consequences can be severe. In 2018, Lloyd’s of London estimated Cyber incidents caused the top three cloud service providers in the United States to suspend operations for three to six days, resulting in economic losses of 6.9 billion to 14.7 billion U.S. dollars and industry insurance losses of 1.5 to 2.8 billion U.S. dollars. Fortune 1000 companies will bear 37% of the total loss and 43% of the insured loss caused by the 3 to 6-day downtime. Remember, these are 2018 figures. Since then, the use of loud computing has soared, so the number may also increase.
FBI: Cyber threats rise by 300%
Due to the pandemic, unprecedented Internet traffic has caused as many as Up 300% In a cyber attack, such as Report By the FBI.At the same time, Europol’s JOTA 2021 Reports, law enforcement agencies, and the private sector have all seen DDoS attacks and ransom demands, as well as more high-volume attacks compared to the previous year, come back. Cybercriminals have been attacking Internet service providers, financial institutions, as well as small and medium enterprises, public institutions, and critical infrastructure.
Move forward
With increasing reliance on IT services and real-time connections, they are vulnerable to cyber threats. The interdependence of IT infrastructure crosses departments and industries, involves virtual and physical spaces, and crosses national boundaries.
Although using the cloud brings all the benefits, there are also disadvantages. As suppliers continue to expand in scale and dominate the market, they become a single point of failure and become the main target of network participants (including hostile nation-states). A successful attack on a single vulnerable entity may disrupt or destroy multiple important systems in the host country and cause a chain reaction worldwide.This kind of supply chain attack may cause serious spillover effects to downstream customers because Seen During the recent Kaseya attack.
Organizations must realize that the cloud is still a shared responsibility model. The shared responsibility model has gray areas and limitations, especially in infrastructure as a service deployment. In addition, by leveraging the multiple availability zones of any given CSP, and by implementing a multi-vendor strategy across multiple CSPs, the risk exposure of end users can be minimized. Additional independent security layers should be used where appropriate to ensure that there is no single point of failure. Cloud computing will continue to exist, but so will cybercrime.
