Securing the cloud: Lessons learned from 2023 and what it means for 2024
The global cloud computing market is expanding rapidly and reaching new milestones every year. According to recent data, the market is projected to grow from USD 626.4 billion in 2023 to USD 1,266.4 billion by 2028 at a Compound Annual Growth Rate (CAGR) of 15.1 percent during the forecasted period.
The industry's rapid financial growth is also driving new technological advancements. With this, the dynamic and innovative nature of cloud technology brings new security vulnerabilities and risks, thereby every year increasing the number of malicious incidents. According to the 2023 Thales Cloud Security Study, more than a third (39 percent) of businesses experienced a data breach in their cloud environment last year, an increase from the 35 percent reported in 2022. The leading targets for hackers were Software as a Service (SaaS) applications (38 percent) and cloud-based storage (36 percent).
The growing number of hacker attacks keeps cybersecurity a top priority for enterprises, including those operating on the cloud. With the technology rapidly emerging, security strategies must adapt to the changing environment to combat potential threats. Looking back and analyzing past security breaches is crucial for preventing future malicious attacks. In this piece, we will look closely at the most high-profile cases of cloud security breaches in 2023 and draw insights that can benefit the modern company’s cyber security strategies in 2024.
High-profile hacks of 2023
While the adoption of cloud by small and medium-sized organizations has seen a huge boom, large enterprises continue to be the main drivers behind the cloud computing industry's growth. However, they also remain the prime targets for malicious organizations and hackers. Millions of people were impacted by several serious cloud security incidents affecting various larger-scale organizations in 2023. These incidents had far-reaching consequences, leading to financial and reputational losses, data theft, and operational disruptions.
One of the biggest cases of 2023 happened at the start of the year when it was discovered that over 37 million customers of T-Mobile, one of the largest wireless carriers in the United States, had their personal and account information accessed by a malicious actor via an API attack that began as far back as November 25, 2022. It took the company several months to discover the breach, which caused operational disruptions and exposed the sensitive information of millions of individuals.
In May 2023, several companies experienced severe security breaches due to a vulnerability in a third-party web transfer application, Progress MOVEit Transfer. The Verge claims that the MOVEit case was one of the most serious breaches of the year and could be the biggest data theft of 2023. As per the company’s internal investigation statement, the attack allowed the hackers to access a certain amount of personally identifiable information. This attack affected approximately 77 million individuals and 2,630 organizations. Among the customers affected by the MOVEit attack were the Louisiana Office of Motor Vehicles, Shell, and the United States Department of Energy. By the end of May of 2023, Progress Software, the company which developed MOVEit, patched the flaw.
Later in June of 2023, Toyota had 260,000 customers’ data that was managed in the cloud environment exposed online due to a misconfigured cloud environment. The incident impacted Toyota's customer data in Japan and overseas. Although not much sensitive data was affected, it highlighted that a simple misconfiguration can open the door to hackers. Additionally, this case was another example of how long it can take before a breach is discovered, with Toyota sharing that the data had been exposed from February 2015 to May 2023.
Why private cloud needs a second look in 2024 when it comes to cybersecurity
As enterprises rapidly adapt to the constantly changing business landscape and actively adopt cloud infrastructure, they must also understand the importance of strengthening security posture strategies to mitigate risks of cyber-attacks and data breaches. As data breaches become more frequent, it is becoming crucial for businesses to take back control over their data. Many are already reviewing their cloud strategy, opting for more secure cloud architectures.
One of the emerging vulnerabilities of cloud systems that experts find is in the rapidly expanding public cloud market, and in constantly evolving public cloud products. The multi-tenant nature of public cloud infrastructure increases the attack surface area, as many users are sharing hardware, resulting in the potential for more vulnerable or even malicious code to arise. So, keeping data in the public cloud could pose a significant risk, especially to companies handling sensitive information.
In contrast, a private cloud offers companies a single-tenant infrastructure on dedicated hardware. This significantly reduces the risk of data breaches or cyber-attacks, as there is only one company's code presence. This type of infrastructure also offers a more customizable security suite.
The available benefits of the private cloud, including greater security and control, have made many companies rethink their cloud strategies and move their data from the public cloud to a more secure private cloud. While many organizations have historically opted for the public cloud, statistical data shows that in recent years, an increasing number of companies have started moving to the private cloud to safeguard their most sensitive workloads. And as a result, the private cloud market is expected to grow by almost 30 percent between 2022 and 2029 and is projected to reach a total value of over $528 billion.
Cover all bases with a hybrid cloud approach
In search of the protection of sensitive data in the cloud, more companies are adopting hybrid architectures. A hybrid cloud, with both public and private elements, enables the security benefits of a private cloud infrastructure. At the same time, it keeps the system scalable and flexible by using public cloud resources. According to Cisco's 2022 Global Hybrid Cloud Trends, 82 percent of IT leaders are already adopting hybrid cloud infrastructure.
A hybrid cloud model enables organizations to pick and choose what they want from public, private, and on-premise infrastructure to build the right solution for them.This approach allows businesses to distribute risk across different platforms, thereby strengthening overall security.
Some companies hesitate to adopt a hybrid cloud infrastructure due to the common myth that it is difficult to manage. They believe that unifying private and public cloud infrastructures under a single control layer is a challenging task. This challenge can be addressed by partnering with managed cloud service providers. These teams have the necessary skills to streamline processes between public and private clouds and deal with emerging cloud misconfigurations and application vulnerabilities.
Conclusion
The cloud strategies and solutions companies adopt to manage their data should be chosen strategically and always align with the company’s specific business needs. As the cloud infrastructure landscape evolves and new technologies emerge, reinforcing security postures and revising cloud security strategies remains crucial. Establishing and maintaining a robust security infrastructure will remain a top priority of IT leaders worldwide in 2024 as digitalization pushes to store sensitive data online. So, learning from numerous cases of disastrous security incidents in 2023, why not make 2024 the year to prioritize your cloud security?
Jon Lucas is co-founder and director at Hyve Managed Hosting.