Cloud Data goes 💨 poof | API security in the limelight
CyberInsights #108 - Cloud Data loss - a 3 sigma event for risk assessment | APIs, the emerging challenge for security
What to do when your cloud goes 💨 poof
When your cloud service provider says - “Hey, we’re sorry, but we lost all of your data”
Some cloud service providers promise 99.99% uptime. It’s great. All your infrastructure woes are gone. But what about data loss?
Two Danish cloud service providers faced a ransomware attack. They rebelliously (and nobly) decided not to pay the ransom. The result was customer data loss. [LINK]
Now is the time to really think about the joke we laughed at:
There is no cloud. It’s just someone else’s computer.
We have started to believe that the cloud is infallible. If you don’t believe me, just recollect the data you have on your personal Gmail or Dropbox / Box. Shivers?
Take Action:
Cloud risks are real. Consider cloud risks as part of your assessment. Define a plan for what to do should your cloud service provider fail — not just at uptime, but at data availability too. Cybersecurity professionals are once again waking up to the concept of ‘offline backups’.
If you are a cyber insurer, then consider cloud risks in your accumulation.
APIs: The New Target for Adversaries (not too new, though)
Why the backbone of the digital economy is under threat.
Somewhere along our journey we’ve moved on from “There’s an app for that!” to “There’s an API for that.”
APIs are the backbone of the tech world. They are the plumbing behind the Internet.
They power the digital interactions we take for granted daily. But with their ubiquity comes a security challenge.
This report reveals that 70% of CISOs are now prioritizing API security more than before, with 90% planning to increase their focus in this area. [LINK]
“ … when you don’t know how an API is used and the attacks are based on business logic, you probably don’t have the tools in your web defense arsenal to understand when something bad is happening against your APIs.”
Take Action:
CISOs — remember that there is more to API security than adding APIs to your list of assets for VA, PT and Web AppSec. API security requires holistic thinking. Threat model your APIs well. Also, focus on the API key distribution process and secure that too.
Cyber insurers — the more APIs, the higher the risk you are underwriting.