Log In




Register

Problems logging in?

Contact us

Welcome to the redesigned Risk Management Plus+ Online, a robust website brought to you by Travelers designed to help you mitigate your management liability and crime exposures. The new Risk Management Plus+ Online includes articles, checklists, best practice minute videos, podcasts, and a sample employee handbook to help you manage not only your employment practices risks, but also cyber, crime, directors & officers, fiduciary, kidnap & ransom, and identity fraud exposures. The site has been redesigned to provide this content in a streamlined and efficient manner.

Cloud Apps And Cloud Storage: The Cyber Risks Associated With Both

Cybercriminals have become more successful at delivering malware through cloud apps.

Netskope, a threat and data protection provider, has blocked an increasing number of malware downloads from cloud apps, which now make up an increasing share of total malware downloads. The percentage of malware downloads from cloud apps increased from 46 percent to 73 percent and then plateaued at 66 percent.

Google Drive replaced Microsoft OneDrive to become the top app for malware downloads in 2021.

The number of credential attacks against managed cloud apps remained level in 2021 compared to 2020. These attacks comprise more than half of all managed cloud app instances. However, the number of sources of these attacks increased markedly in 2021, with each source carrying out fewer login attempts.               

Cybercriminals are also continuing to deliver malware in Microsoft Office documents. Emotet led to a spike in malicious Office documents in the second quarter of 2020. Malicious Microsoft Office documents now represent one-third of all malware downloads, compared to one-fifth before Emotet. The quality of malicious documents also remains higher post-Emotet.

Employees left their jobs at twice the rate in 2021 than in 2020, increasing the risk from insider threats. More than one in seven employees who left their jobs used personal Cloud Storage apps to take organizational data with them.

The popularity of Cloud Storage apps among users is a primary reason they are increasingly used for malware downloads and insider threats. "Cloud and Threat Report: January 2022 Edition" www.netskope.com (Jan. 2022).

Commentary

The Federal Trade Commission (FTC) provides organizations with six tips to increase their cybersecurity when using cloud apps.

First, utilize security features offered by the cloud service provider. Follow guidance for how to configure your settings in the most secure way possible. Protect cloud storage apps with strong, unique passwords and multi-factor authentication. Unless there is a legitimate business necessity, employees should not have access to your cloud resources.

Second, regularly inventory what you keep in the cloud. Knowing where your data is and making sure security configurations and access rights align with the sensitivity of your data are essential to data management. Test for misconfigurations and potential security failings.

Third, do not store sensitive information unless there is a legitimate need to do so. Although cloud storage provides a lot of storage room, resist the temptation to keep data “just in case.”

Fourth, consider encrypting data that you rarely use. If the data contains sensitive information, you should encrypt it no matter where it is stored.

Fifth, pay attention to credible warnings you receive from cloud providers or security researchers. Investigate your cloud storage app and check security settings.

Finally, detail who oversees what in cloud contracts but remember that securing your data is ultimately your responsibility. Using a cloud service does not mean you outsource data protection. Use security tools provided by the app but also have your own written data security program detailing how you will protect sensitive information. Elisa Jillson and Andy Hasty “Six steps toward more secure cloud computing” www.ftc.gov (Jun. 15, 2020).

Finally, your opinion is important to us. Please complete the opinion survey:

Twitter Feed