ven before the onset of the Covid-19 pandemic, many businesses – including small businesses – were in the process of migrating certain of their operations to cloud-based systems. This trend accelerated significantly following the onset of the Covid-19 pandemic.
A number of recent reports remind business owners, however, that the use of a cloud-based system is not a substitute for a business’ own cybersecurity program. In fact, the trend towards cloud migration may require small businesses to implement even more robust security.
Cybersecurity firm McAfee recently reported that during the first four months of 2020, business use of cloud services increased by 50%. During this same period, however, cyberattacks on cloud services increased by a whopping 630%. The healthcare industry was the second most highly attacked, with almost 200 million attacks originating in Russia, China or Iran.
In addition, mobile security firm Lookout reports that phishing attacks directed at remote workers increased 66%. Therefore, not only are the bad guys increasingly targeting cloud users; they may be using new tactics to reach those targets.
Finally, the use of a cloud-based system involves its own unique challenges. In fact, a misconfigured cloud system can be compromised – literally – overnight. Cloud misconfigurations are the number one cause of cloud security issues. In a recent test, security researchers at Comparitech created a “dummy” cloud-based database with fake data, then waited to see what happened; the “dummy” database was located and attacked in eight and one-half hours. This, of course, means that a business could begin its new cloud-based operations at the end of a workday, and be compromised before the beginning of the next workday.
Cloud-based systems can make the life of a business owner much easier in many ways. A cloud-based system does not, however, eliminate the business’ need for cybersecurity, as these systems present their own unique issues for the business to address.
The attorneys at Chilivis Grubman represent clients of all sizes in connection with data breach and cybersecurity matters, including regulatory obligations and litigation arising therefrom. If you need assistance with such a matter, please contact us today.