Why Hackers Love The Cloud


For a skilled hacker, a major company’s cloud system is a treasure trove – sensitive data, including millions of bank account logins, email addresses and Social Security numbers can be just a few clicks away. While the cloud provides unprecedented benefits to digital businesses, it can also leave customer and employee data vulnerable.

Major data breaches at tech giants like Yahoo (NASDAQ:YHOO), which confirmed this week that more than one billion of its email accounts were compromised in August 2013, demonstrate that no company is completely safe from a hack. Oracle (NYSE:ORCL), Sony (NYSE:SNE), T-Mobile (NASDAQ:TMUS) and Dropbox are just a few other consumer tech companies that have dealt with massive hacks in recent years. Retailers such as Target, Neiman Marcus and Home Depot have also experienced massive breaches of customer data.

And the average internet user, unaware of their data’s vulnerability, has yet to take the necessary steps to protect their information.

“The problem with the cloud is that it simply expands the systemic vulnerabilities that have existed since the Internet was developed.  The internet was built for redundancy, not security,” Will Donaldson, CEO of digital security firm nomx, told FOXBusiness.com. “So every single hack since then has been patched, but the vulnerabilities remain and continue to increase. Until people take back their data and assume responsibility for it, they have little recourse against the large providers.”

The risk of losing key information in a cloud hack will only increase as more companies and consumers embrace the technology. A recent study by Skyhigh Networks, a cybersecurity firm, found that 18.1% of all documents uploaded to cloud-linked systems contain sensitive data. In a Gallup poll conducted last October, 27% of respondents said they or someone within their household had credit card information stolen from a store’s data servers.

With so much raw data relegated to the cloud, major firms are developing “machine learning technology” to automatically scan billions of cloud interactions for potential threats, said Rajiv Gupta, CEO of Skyhigh Networks.

“Companies that try to use traditional tools to secure a new model of computing are understandably struggling,” Gupta said. “We’ve seen from our own research that while there is a year-over-year rise in workplace cloud usage, security and compliance lags as those same companies fail to proactively address emerging risks.”

Individual users shouldn’t rely solely on companies to secure the data they entrust to the cloud. As a starting point, experts say to implement multi-step log-in verification on all accounts, especially those that contain sensitive information. It’s a tedious process, but requiring more than just a single password to log-in to a service makes it more difficult for hackers to access an account.

Known as Multi-Factor Authentication, or MFA, the feature would likely have prevented the hack of Facebook CEO Mark Zuckerberg’s Twitter account earlier this year, Gupta added. Users should also scan the terms of services in cloud services for clauses that seem problematic.

Even obvious steps, like ensuring the internet connection is encrypted in public locations or using individual passwords for different services, can provide a benefit.

“With the rise in identity theft, malware and phishing and scam sites, users need to be more careful than ever for their cyber protection,” said Michael Xie, chief technology officer at Fortinet. “The most important thing to do is choose strong passwords, and change them often.”

This is part of FOXBusiness.com’s Industry Forecast series that deep dives into cloud innovations across global businesses.