Latest Google attack highlights problems ahead for cloud operators, say experts

Andrew Gilbert, managing director and founder of Node4, who is an advocate of private cloud system, said that we are seeing increasing reports of cyberattacks at all levels, from rogue governments to the bedroom hacker.

As a result, he says, it is critical that organisations looking to implement cloud computing take the best steps possible to ensure their systems are protected.

"The private cloud has addressed many of the concerns over security associated with cloud computing in the past and we are finding customers increasingly interested in this strategy, particularly with the current backdrop of disruptive attacks", he said.

"This trend complements Forrester's prediction that the market for private cloud solutions will grow from £4.79 billion in 2011 to £9.76 billion in 2020", he added.

Over at the Information Security Forum (ISF), Steve Durbin, the security association's global vice president, said that he advises vigilance in the wake of Chinese spear-phishing attacks on Gmail accounts.

"Phishing attacks are as old as the hills, and although this attack apparently uses a relatively new technique known as spear phishing – targeted attacks on specific email accounts – attackers have been tricking users into divulging confidential details since email began", he said.

"Whether you are a government official with access to sensitive or secret information, or the average email user, everyone must be on their guard and become more security savvy. Organisations also need to reinforce this by establishing clear security policies and educating users about the potential and very real security risks", he added.

Jon Geater, director of technical strategy with Thales e-Security, meanwhile, says the media reaction to this story shows that people are beginning to understand the subtleties of online security.

"There's not a lot to say about this that I didn't say in my Advanced Persistent Threat post (and related articles) except to note that widespread reporting of this issue has been refreshingly plain and understanding", he said.

"I fully expected to see tales of cyber war, Google-bashing and condemnation of cloud security arising from this but instead it seems people (by which I mean mainstream media) are starting to get the idea about things like spear phishing, and understand this attack for what it was", he added.

The attack, he went on to say, was insidious and worrying, but the point is that this this specific attack is not where the damage is being done – that, he notes, will come later when the information harvested is exploited.

"That people are beginning to understand these subtleties of online security is truly a good thing", he said.

"Now all we need to do is fix the systems that make these attacks so easy on all but the most wary of prey. So that's just DNS, HTTP, web browsers, HTML email. Hmm. I wonder if this will get a special mention at this week’s CyberSecurity Summit", he added.
 

What’s hot on Infosecurity Magazine?