Dark and threatening, an insecure cloud should never be ignored. Here’s a rundown of the top threats you need to look out for.

For any enterprise relying on the cloud to accommodate a rapidly growing number of services, ensuring security is a top priority. Yet as most cloud adopters soon realize, migrating to a dynamic cloud environment requires both new and updated security measures to ensure that data and other key assets remain safe throughout the entire online infrastructure.

To keep your enterprise assets safe and secure, here’s a rundown of today’s top cloud threats and how to guard against them.

1. Human errors

Common staff mistakes lead to most security incidents, creating vulnerabilities that would otherwise be covered by a strong security posture. “Leaving cloud assets unsecured … or clicking on a phishing link can allow threat actors to infiltrate a company’s cloud environment, all of which are more difficult to detect than traditional attack methods,” says Todd Moore, global head of data security products at defense and security technology provider Thales. “This essentially allows hackers to invite themselves in, bypassing security measures.”

The cloud’s inherently complex environment raises the risk of human error, especially in today’s growing multi-cloud world, Moore notes. “More cloud environments with different rules and security measures leaves more room for security gaps, and humans are a constant variable for consideration.”

Moore believes that the only way to combat the human error risk is by adopting regular training. “This can be through an established training cycle to help [users] understand the risks, look for the signs of something unusual, and develop processes and protocols they must follow on all company-owned networks, devices, and accounts.”

2. Cloud-assisted malware

Cloud-assisted malware is a growing threat, particularly as phishing emails and crafty lures continue to be a popular method of malware delivery, says Oleg Kolesnikov, vice president of threat research at cybersecurity technology provider Securonix. This danger was recently driven home by the discovery of a new threat leveraging multiple clouds — CLOUD#REVERSER — an infection chain that uses cloud storage services such as Google Drive and Dropbox to deploy malware.

Users need to be alerted to the tactics that attackers use to fool victims into executing the malware, Kolesnikov says. “As always, users should exercise caution around unsolicited emails, especially when the email employs a sense of urgency.” Users should also be warned to avoid downloading files or attachments from external sources, particularly if the source was unsolicited.

To guard against cloud-assisted malware, Kolesnikov recommends deploying strong endpoint logging capabilities and leveraging additional process-level logging, such as Sysmon and PowerShell logging, for additional log detection coverage.

3. Data theft

The current leading cloud security threat is data theft, affecting both hybrid cloud and AI systems powered by hybrid infrastructures, states Nataraj Nagaratnam, cloud security CTO at IBM. He notes that a recent IBM survey found that nearly a third of reported incidents are linked to data theft or leakage.

Data theft is particularly dangerous due to the various risks it presents. Beyond immediate data threats, it also exposes enterprises to reputational damage, AI vulnerabilities, regulatory risks, and numerous other dangers, all endangering an organization’s bottom line, customer trust, and competitive position.

With interest in artificial intelligence growing rapidly, Nagaratnam predicts that AI will become a ripe target for new threats.
“Cybercriminals are developing sophisticated, cost-effective tools to attack AI solutions and the valuable data they host,” he warns. “Ensuring data security and integrity demands a strategic, integrated approach that combines robust security protocols, stringent access controls, and proactive threat intelligence across cloud and AI ecosystems.”

4. Credentials theft

Perhaps the biggest cloud security threat is credentials theft, says Aaron Cockerill, executive vice president of security at security technology provider Lookout. He notes that stolen credentials are the primary initial attack vector threat actors take in a data breach.

Credentials theft is a particularly insidious and dangerous threat, since it’s difficult to distinguish between authorized and unauthorized access when the person entering the cloud infrastructure is using legitimate credentials. “Threat actors can wreak havoc in just minutes once they’ve infiltrated your system, leaving only a small window for organizations to detect and respond in time,” Cockerill says.

To combat credential theft, organizations should adopt a layered security approach, Cockerill advises. The first layer is establishing strong identities and user access procedures. “This includes implementing strong multi-factor authentication,” he says. The second layer is monitoring the dark web and building a strategy to address social engineering.

5. Poor access management

A leading security threat is improper cloud access management by various IT teams, such as DevOps and application developers, who may not possess the necessary security training, says Erez Tadmor, field CTO with security policy management company Tufin. “Unlike legacy networks and data centers, where access is tightly controlled by network security teams, cloud environments distribute access responsibilities across multiple roles,” he explains.
“This increases the risk of human error, such as a developer unintentionally granting overly broad permissions to a cloud storage bucket.”

Tadmor recommends implementing a strict network access controls policy, complemented by comprehensive security training for all personnel involved in cloud management. “Establishing guardrails allows teams, like DevOps and application developers, to work within their areas while providing network security experts with necessary oversight.”

By managing a cloud network security policy through an abstraction layer, non-security experts can more easily understand and adhere to security requirements, Tadmor says. “The abstraction layer should be attentive to misconfigurations in the infrastructure layer, enabling real-time alerts for policy violations and ensuring timely remediation,” he explains. “This approach maintains robust security, balancing operational freedom with stringent oversight to effectively mitigate internal threats.”

6. DoS and DDoS attacks

Cloud-based environments create a tempting target for DoS and DDoS attackers. Such attacks have been a top cloud security threat for a very long time, observes Rhonda Brown, a senior solutions engineer with Carnegie Mellon University’s Software Engineering Institute. Sadly, there’s no sign that these assaults are going away anytime soon.

Both DoS and DDoS attacks are resource consumption attacks, specifically designed to disrupt or completely disable legitimate activities. Although they may not result in data breaches, they can cause delays in critical operations or bring all operations to a halt. “These delays are accomplished through resource exhaustion by expending all bandwidth, disk space, or memory capacity,” Brown explains.

Many cloud services offer basic default protection against network flood attacks, as well as enhanced security at an additional cost, Brown says. Additionally, some service providers offer filtering services that can be requested when an attack occurs.
Basic cyber hygiene can also curtail attack damage, Brown advises. Effective practices include robust network security and monitoring, as well as deploying intrusion detection systems that can detect a sudden burst of unusual traffic.

7. Data exfiltration

Frequently overlooked, data exfiltration is a significant cloud security threat. “Data exfiltration refers to the electronic transmission of data from a cloud environment to an unauthorized external location,” says John Henley, principal consultant at technology research and advisory firm ISG. “This could occur in several ways, including the exploitation of a vulnerability, misconfigurations, or compromised credentials.”

Data exfiltration can lead to the theft of sensitive information, such as personal identity data, financial information, intellectual property, or confidential corporate data. “The consequences of data exfiltration on monitoring, remediation, and legal actions can be long-term and far-reaching,” Henley warns.

Antagonists may use stolen intellectual property or trade secrets to gain a competitive advantage that leads to future market-share erosion or the ability to dominate a market. Meanwhile, operational disruption can result in downtime, lost productivity, and costs incurred to rebuild operations.