TalkTalk hacked by a 17-year-old
...and he said it wasn’t even that difficult.
Tesco Bank facing a multi-million pound fine
...in the wake of an attack that saw money taken from 20,000 customer accounts.
I could go on…
But there is one thing that is consistent across these incidents. None of them were due to hosting services in the Cloud. Now that is strange. Many clients I talk to about Cloud hosting get very nervous about security. It’s something new, something that could introduce risk, something people don’t fully understand.
But in reality, the facts show it is actually non-Cloud-based services that run a higher risk of exposing your most important data. The thing about cyber attacks is that they are going to happen wherever you host your data. And they are getting more sophisticated.
James Blessing, chairman of the Internet Service Providers' Association, said, "It only takes one bad actor to go in there and get the entire database." And he represents BT, Sky, Virgin Media, TalkTalk and others.
The only answer is to keep one step ahead of the bad guys. That’s really difficult if you are managing your own technology. If you are with one of the top-end managed cloud providers, the likes of Amazon AWS or Microsoft Azure, then you are much more likely to be ahead of the game.
Digital technology is moving faster. Cloud services are able to keep up. They are more up to date. They have to host a multitude of different businesses. They have modern tools with everything available to help you keep ahead of the hackers. The big cloud service providers continually need to update their services to protect their reputation. Amazon’s AWS, for example, has over 18,000 security controls. It’s as good as you can get technically to be secure.
Many are still not convinced, and it’s not just security concerns. Here are just a few I’ve come across recently.
We want to see the servers that our supplier is providing.
Clients often want to visit the data centre and physical servers they are paying for. Cute, but outdated thinking - anybody can show you a room full of servers.
We need to know where our data is.
If you know where it is, then probably everyone else does.
We need to manage who has access to our servers.
That’s what TalkTalk thought, but there was a 17-year-old in Norwich who also had access.
I’m not saying cloud alone is the answer to your cyber security concerns. You can mismanage your cloud services the same way as you can mismanage internal services. Cloud is just a lot easier to manage and therefore more likely to be managed better.
Good job I stopped using my Yahoo account 10 years ago!