On cloud security and the Ukraine war

If there were ever two hot topics… The Cyber Security Coalition and top cybersecurity trainer SANS  Institute joined forces to provide specially needed insights and recommendations on successful cloud security, as well as how to handle cyber security in these times of war.

Design for growth

A trek to the cloud does not absolve companies from the need and obligation to maintain secure information environments, particularly regarding the care for data. In his ‘Where does the data go?’ presentation, Simon Vernon, head of R&D at SANS Institute EMEA, points out that in the cloud, companies lose the erstwhile clear control over data – including sensitive data – of ‘on premise’ environments. Gone are the classic lines of defence, with a company’s ‘ID and Access Management’ (IAM) system becoming the new perimeter, in operationally dynamic systems.

Vernon stressed the importance of understanding and using available tools in AWS and Azure, in order to find the whereabouts of data and tracking the related processing paths. As well as the need to check how this data infrastructure is fused into the solution and code (e.g., in order to avoid forgetting authentication etc.).

To avoid data disasters, cloud solutions “must be designed for security, with an appropriate architecture with growth in mind.” This implies a strategy related to tracking data, as an element in the management structure of the environment. In one example, while reviewing an implementation, Vernon found out that a company was unknowingly replicating health-related data across a multitude of systems…

Bottom line: going ‘cloud’ isn’t simply a matter of throwing an on-prem solution over the wall. It requires solid attention to strategy and architecture, with the use of all available resources to stay on top of what’s going on in your cloud environment.

Stay calm and carry on

The war in Ukraine is also being fought on the cybersecurity battlefield, stirring fear regarding digital safety in government and industry organizations. Kevin Holvoet, lead van het Threat Research Centre of the CyTRIS department at the Centre for Cyber Security Belgium (CCB), provided in his ‘What can we learn from the war in Ukraine?’ presentation some thoughtful and very welcome insights and recommendations.

As the national authority for cybersecurity in Belgium and recipient of a wide variety of shared information, the CCB is well placed to restore some peace of mind.

Indeed, while Russia focused its cyberwar efforts on Ukraine, an overview of attacks indicates that Western countries and companies were by and large not afflicted, except for some indirect impact (e.g., loss of communication with wind power generators because of the Viasat attack). Some government organisations and companies were targeted because of statements or actions (e.g., withdrawal from the Russian market), with the publication of company and people information considered as potentially a more serious danger.

Actually, some usual threats, such as ransomware, decreased in number. However, a significant increase in espionage efforts was reported in Belgium and the rest of Europe, including attacks on information regarding Ukraine. Several groups of hacktivists also announced they were taking action (with announcements by Belgian actors quickly being quashed by the CCB). Clearly, not all activity, whether or not targeting Ukraine, originates from Russia.

Kevin Holvoet also warns against focusing all efforts on Ukraine-related threats, while neglecting other ongoing threats (e.g., a number of APT groups; new banking Trojans; access information being sold by Initial Access brokers; etc.).

Some conclusions: the rest of Europe was not the focus of Russia; information warfare is waged by both sides; most attacks were preceded weeks or months by preparatory activities; criminals and hacktivists align with one or the other side; and decisions and/or statements can change the hostile intent of actions.

Kevin Holvoet strongly recommends to keep calm, analyse all information and not to react crazily. “Keep doing what you’re doing,” “stick to your security plan” and “sit together with your risk management group, and learn from each other.”

And do consult his presentation for the interesting list of information sites!



Other blog posts

NIS-2: Where are you?

In December 2020 the European Commission published a proposal to repeal the current NIS Directive (European Directive on Network and Information Systems) and to replace it with a new Directive: the so-called NIS-2 Directive. This post will give an update on the status of negotiations of NIS-2, and will outline the aspects we already know and don’t know about the upcoming Directive’s final form.  

Privacy Focus Group – Practical AI Use Cases

It is easy to drown in the sea of dire warnings about the danger of AI, in particular to our privacy. The main point is that AI in good trust is possible, but requires solid, long term and well-structured approaches. This session of the Privacy focus group offers some crucial insights and welcome examples.

30 November: Computer Security Day: Ada Lovelace

On computer security day we pay tribute to Ada Lovelace, the forgotten mother of the computer. Often described as the first computer programmer — before computers were even invented — Ada was a real visionary. Imagine what she might have achieved had Babbage actually built his “computer” and she hadn’t died at the age of 36.


Share this useful content with friends: