Wow, that's quite a list! I ask an earnest question as security is not my forte, are there more breaches since the move to cloud or just bigger breaches as there is more data stored in one place? I'm not even sure that's best way to ask that question. How about, is cloud security worse than previous security efforts by Corporations? Hopefully, some of you can both understand and answer my question.
Here's your quick-fire summary of recent computer security news. Docker: Someone broke into a database holding Docker Hub account information, and managed to siphon off non-financial records on 190,000 users before the exfiltration was, presumably, detected and stopped. The intrusion happened on Thursday, April 25, though …
Tuesday 30th April 2019 11:32 GMT csecguy44
The number of (disclosed) breaches is growing for sure, as well as the potential impact and severity. I couldn't point a finger at the "cloud era" as such, or at least not as a single reason. Sure, there is now a lot more information and a lot more services "up there", which simply means the target is larger, and therefore easier to "hit".
There is also a learning curve involved for IT pros, who are "used to" securing on prem solutions, as well as a level of ignorance from the business that thinks "it's fine, it's in the cloud, we don't need to worry about it".
And one of the bigger issues would probably be the speed of the IT/Security processes. In today's world it isn't easy to keep up with cyber criminals, who jump on vulnerable systems in the matter of hours or days, where IT need to follow testing/proving/patching that may take weeks.
Naturally, there are tons of different other reasons apart from the above, each worth an in depth conversation on their own.
Tuesday 30th April 2019 13:33 GMT GnuTzu
Future of Black Lists
I don't know how else to say it, black listing will lose some it's value as they come under attack in the growing cyber war, particularly the more automated, less costly type. Minor miscreants might not think it's worth the effort to mount such attacks, but growing state-sponsored entities will. Black listing is going to become more and more expensive, and white listing and other more expensive risk rating systems will become more and more necessary. And, the automated portion of these things will have to get more sophisticated, employing big-data analytics and AI. Unfortunately, this will hasten the time to create AI that recognizes when it's attacked and retaliates. Insert references such as Wintermute, Skynet, Elon Musk, any other suitable cyber-war doomsday prediction here.