AWS Users: Here’s What You Need to Know About Your Security Risks

With the widespread adoption of remote work over the last year due to the COVID-19 pandemic, the need for cloud-based services dramatically increased as many businesses migrated to the cloud.

Looking to 2021 and beyond, this trend shows no signs of slowing down any time soon. 

The cloud has immense benefits for business. It is efficient, cost-effective and allows companies unprecedented room to scale. However, it is an easy target for attackers. Simple mistakes and misconfigurations of cloud settings were a leading cause of data breaches in 2020, costing businesses US$3.86 million.

Organisations should take stock of the security implications of the cloud and identify any vulnerabilities in their current infrastructure.

The Rise of AWS

One of the most popular cloud-based services is Amazon Web Services (AWS). AWS is a simple pay-as-you-go cloud computing solution designed for all types of organisations.

But even with the backing of one of the world’s biggest companies in Amazon, AWS still needs maintenance from its end-users to ensure complete protection.

Uptake of and conversion to AWS is growing, and with it comes a whole new language that users need to know to stay safe. While AWS is responsible for managing a number of security controls, businesses that use the AWS environment are also responsible for ensuring that virtual appliances and services are correctly configured to avoid any vulnerabilities. To read more about how responsibilities are divided between AWS and the businesses that use it, have a look at AWS Artifact.

If you are not aware of your responsibilities with AWS, your business is extremely vulnerable.

How do you ensure PCI Compliance in an AWS environment?

Stratica uses automated compliance assessment tools to help clients stay on top of their AWS environment security.

If you are using AWS and want to make sure your e-commerce site is as secure as possible or find out more about securely switching to AWS, contact me.

Lack of Security Puts Charities At Risk

A UK study shows that charities that facilitate donations through online platforms are at serious risk of falling victim to cyber-attacks.

Published by the UK Department for Digital, Culture, Media and Sport, The Cyber Security Breaches Survey found that 26% of charities experienced a cyber breach in the last twelve months.

The most common types of cyber-attacks were:

Phishing attacks, accounting for nearly 80% of breaches.

Hackers impersonating charity emails, accounting for 23% of all attacks.

Viruses, spyware or ransomware (16%).

Other less-common attacks charities saw included:

Unauthorised listening into video conferences.

Taking over the charity’s accounts.

Hacking bank accounts.

A significant challenge over the last year has been the shift to working from home during the COVID-19 pandemic, which meant charity employees typically worked from their personal devices, many of which are not secure.

Why are charities at risk?

Regular donation programs and online platforms that beneficiaries can access require the storage of credit card details or other sensitive personal information.

However, with the risk of cyber crime so high, a breach can mean that the charity’s ability to attract donors online successfully is at stake, and following a breach, charities only have a one in five chance of getting a customer back.


One of the more recent victims of payment security data breaches was OXFAM Australia. In this case, cybercriminals unlawfully gained access to the charity’s supporter data. A similar incident occurred at the RSPCA. 

It will be tough for these charities, and the countless others, who fall victim to a cyber breach to fully regain the trust of their current and future donors. So, to secure the future of your charity and those you support, prevention is the best cure.

How can charities protect themselves against a breach?

Charities rely on making it easy for donors to support them online, so they can’t afford any security risk. To prevent a security breach, charities should undertake regular vulnerability scans and patching.

Stratica’s “Payment Security Checklist” is a useful guide to securing payments to your charity and protecting the generous people who support you.

For a complimentary security assessment, please get in contact with me so I can help you further understand the steps to protecting your charity from a devastating breach.