Saving in the cloud became a very strong alternative to store data, not only for ordinary users, but also for companies that find an important solution to save costs, although they know that there is a cyber risk.
A report of Thalesa company dedicated to the development of information systems, assures that in 2022, 45% of companies will have suffered some type of leak in the cloud, which represents a challenge for all those who use this type of service.
The cloud is also vulnerable
The panorama that reflects the study shows that this technology is a challenge that the industry is suffering, especially in the transition and adoption.
51% of professionals in the technology sector see it this way, especially when the vast majority, 66%, of the companies consulted store sensitive data in the cloud.
The attacks that their data and applications have suffered the most are: a quarter, 26%, mention malware, 25% are ransomware, and a fifth (19%) say they have seen an increase in phishing/whaling.
In addition, a third of the companies consulted admits having experienced some type of information leak. So it is a real problem and a challenge for those who want to make the transformation, because regardless of the cloud service that is chosen, much of the responsibility for cybersecurity falls on the end user, that is, the company and the employees.
How to make a protection to the cloud?
The first recommendation is to carry out an analysis of the sensitivity of the data stored and the risks that are run. For that there are solutions such as CipherTrust Data Discovery and Classification, which allows you to obtain a clear understanding of sensitive data, where it is located and what the dangers are.
With this defined, a strategy can be carried out, from which several options emerge, such as:
– Control the life cycle of the keys, using a keyvaults, which allows you to manage and strengthen the keys.
– Ensure the transit between the cloud and the client, either in the company’s facilities or in the cloud.
– Implement data-at-rest encryption solutions, which provide granular encryption, tokenization, and role-based access control for structured and unstructured data.
With these solutions, 40% of the companies that participated in the survey claimed to avoid the leak notification process because the stolen or leaked data was encrypted and thus take advantage of the benefits of the cloud in a more secure way.
How to analyze malicious mail
According to Kaspersky, if an email asks to perform an action like go to a link or download a file attached, claiming to be important with a “CEO’s personal request” or something “due to be paid in the next few hours”, is most likely a trap.
Do not open links in the email that lead to external sites that request personal information; neither download or open files that are executable (such as .exe), nor perform actions related to money transfers
It can also be checked from the header of the note if it is a malicious mail, since the address must match the sender, for example, if it says that it is an urgent mail from Googlethen the email should be “@google.com” and not “@donitas.com” or anything else.
Another of the alerts is receiving an email that was not expected. For example, a few months ago it was recorded that cyber hackers were impersonating the identity of wetransfer and it was sending emails to its victims stating that they had files pending for download. When people clicked on the link it took them to a malicious site.