By Craig Moss
Another myth shattered. It turns out that cloud service providers are not immune to cyber breaches. A recent article in the Wall Street Journal, Ghosts in the Clouds: Inside China’s Major Corporate Hack, tells the tale of hackers accessing the networks of major corporations through their cloud service providers. But let’s not overreact. Cloud service providers focus enormous resources on every phase of cybersecurity – prevention, detection, and response – and they are going to play an important role in virtually every business.
Our job at the Cyber Readiness Institute (CRI) is to make sense of this breach for small and mid-size businesses (SMBs), look at its implications and offer some guidance on what you can do.
Here are the big take-aways for SMB owners and managers:
- Cybersecurity is a shared responsibility between your company and the cloud service provider – you cannot completely outsource your cybersecurity.
- Your company may not be the target for the hackers, but a gateway to the intended target.
- Human behavior is a key part of basic cyber readiness, so training your people on the basics like phishing and updating software is critical.
If you’re skeptical, these quotes from the WSJ article should illustrate the point.
- “To break into the cloud, the hackers sometimes sent phishing emails to administrators with high-level access. Other times they cracked in through contractors’ systems, according to investigators.”
- “Making matters more complicated, the hackers had gained access to the company’s cyber incident response team…”
What can you do in your company? Here are a few tips:
- Clearly understand your responsibility and that of your cloud service provider for protecting your data and systems.
- Provide clear, simple policies for employees to follow on four core cyber readiness issues:
  - Software updates
  - Removable media (i.e. USBs)
- Focus on the human behavior in your company – appoint a Cyber Leader to take responsibility for your cyber readiness.
For free resources and more information, get in touch with me (email@example.com) or go to www.cyberreadinessinstitute.org. Be Cyber Ready. Be Cyber Strong.
Craig Moss is Director, Content and Tool Development for CRI