Cloudy with a chance of ransomware: Third-party cloud tools are putting you at risk, says OmniIndex
April 2024 by OmniIndex
It’s time to move on from our reliance on third-party tools built on easily exploited infrastructure
At present, an overwhelming proportion of businesses are placing their sensitive data in the hands of third-party cloud tools that are plagued by a multitude of vulnerabilities. This is according to OmniIndex CEO and data security expert Simon Bain, who argues that businesses must embrace modern technologies or risk attacks, as ransomware attackers continually exploit third-party cloud tools’ weaknesses to gain access to customer data.
In fact, according to Veracode’s 2024 State of Software Security report, almost half (46%) of organizations have persistent, high-severity security flaws that constitute critical security debt, with over 10% of these deemed very likely to be exploited by attackers. To add to this, last year, the FBI’s Cyber Division warned that ransomware actors often ‘gain access through third parties and legitimate system tools.’
Bain commented: “Due to the prominence and danger of the vulnerabilities in their infrastructure, organizations using legacy cloud services are left with two stark choices: Stop using third-party tools and cloud platforms to eliminate the risk or accept the risk and cross your fingers that your data and your customer’s data is safe.”
“And when it comes to customer data, gambling with other people’s sensitive information can lead to huge losses.”
According to one report at the end of 2023, a third of businesses are still not implementing cloud technologies, with ‘security’ cited as one of the key causes. Additionally, 25% of organizations surveyed in the UK have turned their back on external third-party tools and the cloud by moving back to on-premises infrastructures.
However, Bain insists that shunning cloud-based tools altogether is unnecessary and even unwise:
“There is simply too much innovation and business benefit built in the cloud not to use it at all. Instead, organizations must take better care of their data and take responsibility for it. All businesses must stop assuming that they’ll be protected by cloud’s existing security measures. Popularity and large revenues doesn’t always equal security.”
"The only way to protect data from the growing threat of attack is to take back control through decentralized storage. The modern web3 decentralized data storage and encryption technology available today means that these often business-critical third-party tools can be used without owners having to hand over access to the data itself.”
“By adopting blockchain and homomorphic encryption technology, businesses can use all leading analytics and productivity tools and provide real-time insights to users without exposing themselves or their customers to any potential risk from third-party security debt or security weaknesses.”
“For example, health and wellbeing startup UniqHealth is developing a new app built on decentralized infrastructure to offer personalized advice and support to users based on information added to the user’s secure diary. Inputs include data synced from wearables, test results, and the user’s diary entries focused on areas including gut health. All of these are highly sensitive and private.”
“To ensure this information is accessible and analyzable without any risk of exposure, it is stored in a decentralized blockchain rather than in third-party cloud storage. It is only added to analytics and AI tools in a fully encrypted state. Businesses handling such sensitive data should follow suit and explore the viability of new technologies if they’re serious about protecting it.
“At the moment, it is simply irresponsible to gamble the safety and privacy of customer data through legacy technology that has proven itself unfit for purpose. Businesses have successfully adapted to many changes over the years, this is simply the next step in modern and secure data storage.”