Cyber Security timeline – 2018

Cyber security is one of the major challenges of the present world. Companies are under constant threat, and a breach can turn out to be the worst nightmare for system administrators and security professionals. Hackers gain access to systems and data through holes in the security controls or through mishandling of the data.

Hackers intend to gain undue benefit by stealing mission-critical information, locking access to systems or files, or leaking proprietary information.

Cyber security attacks have a high impact on organizations of all sizes. A single attack can destroy an entire organization through reputational damage, legal suits and regulatory non-compliance.

Hackers use different methods to gain access to systems and data, and each needs its own prevention strategies and techniques.

Different types of cyber-attacks:

  • Social engineering and Phishing: One of the oldest and simplest ways of hacking, posing as a legitimate page, email etc. to trick people into entering sensitive information.
  • Cracking: Hackers use high-powered computer programs to automate the systematic cracking of passwords by trying many potential permutations and combinations.
  • Crypto-Jacking: The victim unknowingly installs a program that secretly mines cryptocurrency.
  • Crypto Currency: Hackers attack crypto currency by targeting the Blockchain and taking control of Bitcoins. As the technology advances, blockchains have been broken and control of the currency taken.
  • Internet of Things: Ubiquitous connected devices are subject to hacking, and hackers take advantage of these internet-connected devices in two ways.
    • Attack the fleet of devices to destroy or control them.
    • Use the fleet of devices to attack others, using the enormous combined compute power of millions of connected devices.
  • Man in the Middle Attack: An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly with each other.
  • Software Sub-Versioning Flaws: The attacker takes advantage of flaws in the system, creates a back door in the software and attacks the system through it.
  • Ransomware: Hackers lock specific, highly sensitive files on the user’s computer or servers and demand a ransom, stating that the files have been locked and that the victim will only receive the decryption key after paying a specified amount to the hacker, usually in crypto currency.

Biggest data breaches of 2018

Jan-18 / Feb-18 / Mar-18 / Apr-18
  • Careem — 14 million: user names, email addresses, phone numbers, and trip data. (Source: Reuters)
  • MyFitnessPal — 150 million: users’ usernames, email addresses, and encrypted passwords. (Source: Business Insider)
  • Cathay Pacific Airways — 9.4 million: approx. 860,000 flyers’ passport numbers; 245,000 Hong Kong identity card numbers; 403 expired credit card numbers; and 27 credit card numbers without the card verification value (CVV). (Source: Reuters)
  • Chegg — 40 million: users’ personal data including names, email addresses, shipping addresses, and account usernames and passwords. (Source: ZDNet)

May-18 / Jun-18 / Jul-18 / Aug-18
  • Ticketfly — 27 million: users’ personal information including names, addresses, email addresses, and phone numbers. (Source: The Verge)
  • SheIn.com — 6.42 million: users’ email addresses and encrypted passwords for customers’ online store accounts. (Source: ZDNet)
  • SingHealth — 1.5 million: citizens’ names and addresses in the Singapore government’s health database, and some patients’ history of dispensed medicines. (Source: BBC)
  • T-Mobile — approx. 2 million: users’ encrypted passwords and personal data, including account numbers, billing information, and email addresses. (Source: Motherboard)

Sep-18 / Oct-18 / Nov-18 / Dec-18
  • British Airways — approx. 380,000: users’ card payments exposed by a “criminal” hack affecting bookings made on the airline’s website and app. (Source: Business Insider)
  • MyHeritage — 92 million: email addresses and encrypted passwords of users who had signed up for the service. (Source: Business Insider)
  • Quora — 100 million: account info including names, email addresses, encrypted passwords, data from user accounts linked to Quora, and users’ public questions and answers. (Source: Reuters)
  • Saks and Lord & Taylor — 5 million: payment card numbers; more than 5 million stolen credit and debit cards were put up for sale. (Source: Associated Press)

The above timeline clearly shows that at least one major cyber-attack impacted millions of internet users every month. Other major cyber-attacks were reported in 2018 at some of the most tech-savvy companies, like Google and Facebook. This makes clear that companies big and small are under continuous threat and that the impacts are disruptive.

What has changed in the last 2 years?

  • IOT devices: IOT devices are ubiquitous and increasing at a great pace. Cyber security for IOT is still at low maturity and the attack surface is very large. This makes it a big challenge for security professionals to build strong prevention and protection mechanisms.
  • Authentication through mobile devices: Access management and authorization through mobile devices is growing at a rapid pace. This makes credential and key management a big challenge.
  • Identity solutions moving to the cloud: Enterprises used to have a unified way to manage identity through LDAP and AD based systems. This changed as identity management shifted to the cloud through IAM and similar technologies. Identity federation has also evolved and is now spread over different environments.
  • Rise in AI/ML technology accessibility and ubiquitous cloud resources: AI/ML based security systems are evolving and being updated to build prevention and protection systems. At the same time, the hacking community is using the same technologies to build very sophisticated cyber-attacks.

Cyber Market Trends:

Traditional security systems are not going to be sufficient in the new age of technology. Cloud systems are rapidly replacing traditional systems. With IOT and mobile ecosystems, the attack surface is wide and difficult to control. Users want more freedom and ease of access, which further increases the risk.

Compliance and governance are evolving, but the question is whether these compliance regimes are effective and how you can measure the effectiveness of the controls. A new set of security tools is emerging to handle these new security needs. These tools measure the effectiveness of security systems by modeling threat patterns, using the MITRE ATT&CK framework. Tools such as Verodin, which are based on ATT&CK, measure the effectiveness of security systems and help you define the security layers and prevention tools and techniques specific to your environment.

New security tools are built with effective measurement at the center. Cloudlytics is such a tool: it measures the effectiveness of the controls placed on your cloud environment (AWS) against the specific requirements of your organization, and gives you real-time measurement of those controls on simple, granular dashboards and an alerting system.


Security By Design?

With cloud adoption, security needs to be rethought and the approach needs a fresh look. The traditional approach to security is restrictive and control driven. With the cloud at the center, agility and speed are the key drivers for adoption. Security needs to be integrated right from the development and programming process, with a DevOps pipeline and automated surveillance. This has led to Security by Design.

Security by design is an approach to building applications and systems with security as one of the key design parameters. It is the opposite of working in an environment where security is audit driven and an afterthought. Security by design assumes that malicious activity is expected to happen, and that the design should minimize the impact of any such attack or activity. The design of any system or application should provide for graceful handling of such malicious acts/events by following this approach:

  • Build a zero-trust approach; privileges and access should be tightly classified
  • Anticipate security vulnerabilities and discover them as you develop code
  • Log in real time and monitor the systems
  • Control vs Surveillance – Build systems that provide real-time security audit control

Security by design is achieved in 4 phases

Phase 1: Requirements definition and security outline:

Security requirements depend on the criticality of the system and the level of security required. Security enablement is taxing and complex and needs additional layers of engineering, so it is important to define the level of security required. The security control matrix should be well defined, so that the requirement definition is broken down into different controls. Security standards also help to build the control matrix required for the different IT systems.

Phase 2: Build DevOps pipeline with automated security validations and verification:

Security needs to be integrated into the coding practices, and validation needs to be part of the build and deployment process integrated into the DevOps pipeline. This helps in identifying security loopholes at the code level, making sure the system is secure against code-level malicious attacks. The right tool chain for the DevOps pipeline, with built-in security code validations, must be defined. This also helps ensure that code quality stays high throughout the development life cycle.

Phase 3: Identify the tools for different layers of security:

Security needs different layers to make sure an IT system is secure. These layers can be divided into the following areas:

  • Infrastructure
  • Network
  • Operating system
  • Code and Data layer

We need to identify the security system requirements at all these levels and build an automated tool chain to handle each layer.

Phase 4: Setup Real-time security audit controls:

Continuous audit and compliance are the key metrics for measuring the security of IT systems. The dynamic cloud environment needs real-time compliance auditing and reporting, which makes sure the systems are secure as per the control requirements. This is achieved by building automated governance systems so that controls are audited in real time.

Cloudlytics – SaaS-based tools for cloud security and automated audit compliance.

Cloudlytics has been built with the requirements of phase 3 and phase 4 above in mind. Cloudlytics helps with automated real-time governance and audit controls. It has the building blocks for strong real-time monitoring of cloud environments.

Cloudlytics provides pre-packaged automated real-time audit compliance against industry standards on the cloud, such as PCI, HIPAA, GDPR, MAS, ISO and others.

Future of security by design:

With developments in the field of Machine Learning (ML), automated validation and verification will extend to self-healing systems. Compliance and automated audit will automate the self-control needs and build on the control requirements. This will help in defining controls as and when new vulnerabilities are identified. Machine Learning and advanced analytics will change the security landscape completely.

User Access Management

“Access Control” is the process that limits and controls access to resources in a Cloudlytics account.

Access controls manage the admittance of users to the system and its resources by granting each user access only to specific resources.

When you create a Cloudlytics account, you create a root user account, which is used to log in to Cloudlytics for the first time.

When you log in with the root user credentials you have complete, unrestricted access to all resources in your Cloudlytics account.

The following section will help you manage users and permissions to provide secure, limited access to your resources for yourself and for newly created users.

In Cloudlytics there are 2 types of users

• Root User

• Sub User

Sub User again can be classified into the following two types

• Sub User with Administrator access

• Sub User with Limited access

Root User

All accounts have root user credentials (that is, the credentials of the account owner). These credentials allow full access to all resources in the account. This user is the one who created the account in Cloudlytics. Depending on the subscription, the root user can create resources (Streams and Compliance) in Cloudlytics. The root user can create Sub Users with Administrator access or with limited access.

Sub User with Administrator access

A Sub User with Administrator access has advanced permissions compared to a Sub User with limited access, as necessary for the administration of the account. For example, an Administrator user can create new Sub Users with Administrator access or with limited access, as well as streams, compliance, visualizations etc., except for buying a subscription and deactivating the account.

Sub User with Limited access

A Sub User with limited access has restricted privileges compared to the other user types. When a root user or Administrator user creates a sub-user with limited access, limits on resources such as streams and compliance have to be provided. Depending on the limits granted, the sub-user with limited access can create streams and compliance.

Note: When a Sub User with Administrator access or a Sub User with limited access is deleted, all the resources configured by that user are reallocated to the root user.

Groups :

In most cases, however, you want to limit a user’s permissions to certain resources only.

By default, a newly created Sub User with limited access has no permissions to do anything: the user is not authorized to perform any operations or to access any resources. With a large number of Sub Users with limited access it becomes tedious to attach permissions to each and every user, so instead create a group, assign permissions to the group, and attach the Sub Users with limited access to that group.

All Sub Users with limited access should belong to a specific group. If a sub-user with limited access does not belong to any group, that user is unauthorized to perform any action or access any resource.

All permissions to access resources within Cloudlytics are attached to groups, so it is recommended that every user belongs to some group.

Now let’s say a company named ABC using Cloudlytics has 100 employees. Out of those 100, only 20 are developers, and of those 20 developers only 10 require read-only access while the others require full access to resources. Instead of assigning permissions to each developer, create one group in the Cloudlytics account with read-only permission for the users who need read-only access, and another group with full access for the users who need full access.

The root user or an Administrator user can update the role of an already created user.

To enhance security, MFA can also be enabled for Sub Users with Administrator access and Sub Users with limited access.

Group permissions are divided into two main categories: Streams and Compliance.

Streams Permission :

In the Streams permission section, users can be given the following permissions:

• Read Only: The user gets read-only permission only, that is, the user can see the data but cannot perform operations on it.

• Stream: The user gets full access to stream operations, that is, the user can pause, rename, delete or regenerate the token of the streams.

• Visualization: The user gets full access to visualization operations, that is, the user can create or delete visualizations.

• Alerts/Notification: The user gets full access to Alerts/Notifications, that is, the user can create or delete alerts/notifications.

Compliance Permission :

In the Compliance permission section, a user can be given the following permissions:

• Read Only: The user gets read-only permission only, that is, the user can see the reports and download them but cannot suppress rules.

• Full access: The user gets full access to compliance, that is, the user can create, update, edit and delete compliance and can suppress rules.
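The user, group and permission model described in this section, written out as a small authorization check. This is an added, hypothetical model for illustration, not Cloudlytics’s own code; the role names, the action names and the action-to-permission mapping are assumptions drawn from the descriptions above (it assumes a fuller permission, such as Stream or Full access, also covers reading in its category).

```python
"""Toy authorization model of the root / admin / limited-sub-user scheme (hypothetical)."""
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    ROOT = "root"            # account owner: unrestricted
    ADMIN = "sub_admin"      # everything except subscription buying and deactivation
    LIMITED = "sub_limited"  # only what its groups grant


@dataclass
class Group:
    name: str
    streams: set = field(default_factory=set)     # read_only, stream, visualization, alerts
    compliance: set = field(default_factory=set)  # read_only, full_access


@dataclass
class User:
    name: str
    role: Role
    groups: list = field(default_factory=list)
    resources: list = field(default_factory=list)  # streams/compliance this user configured


# Actions reserved for the root user (admins get everything else).
ROOT_ONLY = {"buy_subscription", "deactivate_account"}

# (category, action) -> group permissions that grant it (assumed mapping).
ACTIONS = {
    ("streams", "view_data"): {"read_only", "stream", "visualization", "alerts"},
    ("streams", "pause_stream"): {"stream"},
    ("streams", "regenerate_token"): {"stream"},
    ("streams", "create_visualization"): {"visualization"},
    ("streams", "create_alert"): {"alerts"},
    ("compliance", "download_report"): {"read_only", "full_access"},
    ("compliance", "suppress_rule"): {"full_access"},
}


def can(user: User, category: str, action: str) -> bool:
    """Root: always. Admin: all but ROOT_ONLY. Limited: union of its groups' grants."""
    if action in ROOT_ONLY:
        return user.role is Role.ROOT
    if user.role in (Role.ROOT, Role.ADMIN):
        return True
    needed = ACTIONS.get((category, action))
    if needed is None:
        return False  # unknown action: deny by default
    # A limited sub-user in no group has an empty grant set, so it can do nothing.
    granted = set().union(*(getattr(g, category) for g in user.groups))
    return bool(granted & needed)


def delete_user(root: User, user: User) -> None:
    """Deleting a sub-user reallocates everything it configured to the root user."""
    root.resources.extend(user.resources)
    user.resources.clear()
    user.groups.clear()
```

The ABC example from the text maps onto two groups, one with only read_only in both categories and one with all stream permissions plus full_access, with the ten read-only developers attached to the first and the rest to the second.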


Maintain Compliance with your AWS Account

Stay secure with round-the-clock Cloudlytics compliance scanning of your cloud environment.

  • Identify & Manage Risks – Perform exploratory scanning of your entire cloud infrastructure, adhering to the highest standards, and exploit vulnerabilities.
  • Compliance Management – Collect, record and analyze data as per mandatory compliance requirements. Find and detect loopholes that may not adhere to certain security standards. Cloudlytics checks against 10+ compliance standards while scanning cloud infrastructure, including CIS, PCI DSS, ISO 27001 etc.
  • Customizable Dashboards – Cloudlytics provides fully customizable dashboards of your cloud infrastructure. Generate actionable insights from your data, viewable through multiple dashboard types.
  • Daily and Custom Scans – Perform periodic compliance scans to reduce exposure and stay ahead of the competition. Moreover, you can customize the daily email risk summary report so that it is delivered to multiple stakeholders at a specific time.
  • Extract Highly Detailed Reports – Cloudlytics enables enterprises to extract highly detailed reports on cloud infrastructure and risks. Users can view and download reports for risks including user attribution, affected resources if any, teams, affected processes, and much more.
  • Get Direct Remediation for Quick Fixes – Cloudlytics highlights the remedial action that needs to be taken to adhere to the compliance requirement, and provides a step-by-step guide for getting the infrastructure back to a safe and secured state.
  • 100% Accuracy in Reports – Extract reports that are 100% accurate and genuine. Know the true health of your infrastructure in a systematic way.


We are now live on AWS Marketplace.
The integrated view of your cloud infrastructure is now easier than ever!