There’s a correlation between more use of cloud services and collaboration tools, such as Cisco WebEx, Zoom, Microsoft Teams and Slack during the COVID-19 pandemic, and an increase in cyber-attacks targeting the cloud, it is claimed.
That’s based on anonymised and aggregated data from more than 30 million McAfee MVISION Cloud users worldwide between January and April. The cyber firm reports significant and potentially long-lasting trends that include an increase in the use of cloud services, access from unmanaged devices and the rise of cloud-native threats. These trends emphasise the need for new security delivery models in the distributed work-from-home of today – and a likely future, according to the company.
Rajiv Gupta, senior vice president, Cloud Security, McAfee, said: “While we are seeing a tremendous amount of courage and global goodwill to overcome the COVID-19 pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home.
“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behaviour. Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices. Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organisation.”
In those months, overall enterprise adoption of cloud services spiked by 50 per cent, including manufacturing and financial services that typically rely on legacy on-premises applications, networking and security more than others. Use of cloud collaboration tools rose by up to 600 percent, with the education sector seeing the most growth as more students have to adopt distance learning.
Threat events from external actors increased by 630 percent over the same period, the firm adds. Most of these external attacks targeted collaboration services like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials. Insider threats remained the same, indicating that working from home has not made employees less loyal, the firm suggests. Access to the cloud by unmanaged, personal devices doubled, adding another layer of risk for security people working to keep their data secure in the cloud.
