How cloud storage became a target for hackers – and what can be done about it

(c)iStock.com/4774344sean

With the recent revelations that Yahoo! experienced a hack in 2014 where the accounts of around 500 million users were compromised, it brings back into focus the importance of businesses ensuring their customers’ data is always protected.

More and more businesses are now using the cloud to store their data. As with all new technologies though, hackers will look to exploit any security vulnerabilities they can find. While it is not yet clear whether the attack on Yahoo! was on a cloud-based system or was due to vulnerabilities present in a third-party application on the Yahoo! website, other high profile attacks have taken place against cloud storage systems in recent years.

In this article, David Midgley, head of operations at Total Processing, examines what has made cloud storage vulnerable to attack and how to make cloud storage more secure going forward.

Consumers are now increasingly comfortable making online financial transactions – I’d even argue that consumers have now come to expect the ease and convenience of making financial transactions in this way. More and more businesses have entered the eCommerce marketplace in order to keep pace with their rivals or seize upon the opportunities that eCommerce presents. However, the public should be wary of handing over their financial details so easily.

Businesses have increasingly begun to embrace cloud storage options in recent years to store their data; among other reasons, cloud storage solutions have meant they no longer need to incur the numerous costs associated with storing all their information in physical data centres. However, some businesses don’t seem to understand the potential hazards of using such a method for storing customer data.

While the cloud has opened up new frontiers, it’s also opened up a whole new world of security issues, as hackers now have another way to try and access people’s personal and financial information. Therefore, it is vitally important that businesses processing and storing customer information do their utmost to ensure it is secure and safe from those with sinister motives.

This unfortunately is not always the case though. The last two years in particular have seen a number of high profile attacks against cloud storage systems being highlighted. For instance, the attack on Apple’s iCloud platform that resulted in the release of the personal photographs of many high profile figures was a big talking point in the summer of 2014. On that occasion, as with the recent attack on Yahoo!, the hacker was able to access highly sensitive and confidential information following a single hack.

As someone who works in the fintech sector, where we are processing large amounts of financial data on a daily basis, I find this very worrying particularly given more and more people now make online transactions due to the proliferation of eCommerce as part of our everyday lives.

It may be unfair though to only shine the spotlight on cloud storage solutions, as hackers will attack wherever they can find a weak spot in a company’s security. This certainly appears to be the case with the attack on Yahoo!, as there is still uncertainty as to whether the hackers gained access via cloud storage or by exploiting a vulnerability they had found in a third-party application that had access to the website. It may simply be that the high profile attack on Apple put the spotlight onto cloud storage systems in my mind, and this has been reaffirmed by the scale of the attack on Yahoo! that has come to light in the last month. Either way, I think it will mean that attention will now start to increasingly focus on cloud storage in the minds of hackers.

Given these most recent revelations, I’m sure we can all agree that online security needs to be a top priority. It really is not difficult either – common sense practices will go a long way to keep your business and the information you’re holding secure. Keep all your security software up to date and implement two-factor authentication. Even keeping the security settings on your email systems rigid will do a lot to keep you protected from external threats.