AS cloud-based services continue to increase in scope and scale, there isn’t a single organization that wouldn’t benefit in some way from the cloud, Fortinet Inc. said.
“Indeed, with the promise of lowering Opex [operating expense], while reducing or even abolishing Capex [capital expenditure], the cloud can enable an organization to better focus on its core business, which is something that every C-level executive wants to hear these days,” the company said in a statement. “As a result, the cloud has seen immense growth over the last couple of years.”
But the security risks that arise from such a profound change are not to be taken lightly, Fortinet said. Citing industry research, Fortinet said more than 95 percent of all enterprises today have at least one system on the cloud, with 71 percent of these companies having some of their assets running on a hybrid cloud.
“The cloud is here to stay, and has already shifted the way these companies conduct their business.”
One of Fortinet’s predictions for 2017 is that the Internet of Things (IoT) will become the weakest link for attacking the cloud.
“That threat can come in many forms, as IoT devices have been shown to be more likely to contain easily exploitable vulnerabilities, making them a growing target for cyber criminals seeking, for example, to expand their botnets and ‘weaponize’ them,” the company said.
It explained that IoT-based Distributed Denial of Service attacks have already shown their power to disrupt business. Fortinet cited as example a recent attack that was so massive that it reached the 1 terrabyte-per-second mark, with all traffic being sent from IoT devices.
“Not only are IoT devices an attractive target because of their inherent insecurity, but also for the role they play in some organizations, such as closed-circuit television cameras, which can provide real-time information about everything that is happening at a given location,” Fortinet said. But vulnerabilties are not the only issue. As IoT devices are being deployed, they must also be managed, and they are increasingly being managed by cloud solutions that require a communications channel between the IoT device and its master controller in the cloud.
“We expect to see attacks leverage this trust model in order to poison the cloud, and then use that beachhead to start to spread laterally,” Fortinet said. “These end devices can then be exploited to misuse their trusted relationship to upload malware to, and distribute it from the cloud.”