Tesla hack highlights the vulnerability of cloud services in the wake of the Notifiable Data Breaches Scheme

There are an increasing number of reports of businesses being hacked through third-party cloud providers, with Tesla being the most recent high profile case.

Cloud systems tend not to be covered in risk audits because the providers fall outside of the company’s network, but more often than not, this is how hackers manage to infiltrate businesses.

Furthermore, in cloud deployments, there is always a shared responsibility model. That is, what are you responsible for, and what is the provider responsible for in terms of security.

Clouds platforms provides the building blocks for organisations to build, configure and deploy their systems. Frequently, company’s are compromised through poor configurations that are within their control, but not necessarily assessed or viewed at appropriate frequency.

Businesses who don’t do their due diligence in assessing their cloud service provider against their cyber security policies, or the businesses’ implementations within cloud environments, run the risk of facing fines of up to $1.8m under the new laws set out by the Notifiable Data Breaches Scheme.

There have now been a swathe of attacks resulting in data breaches, particularly targeting common cloud service platforms which are generally implemented with vendor default poor security controls. The fixes to these problems are normally very simple They are just configurations that need to be improved to more secure settings. Starting from this Thursday, organisations will need to place greater effort in conducting more ongoing automated scanning and testing to determine if they are prone to attacks.

The Notifiable Data Breaches Scheme places greater responsibility on businesses to ensure private data is secure, whether it’s held on their own systems or through a third party cloud provider. However, we need to ensure it is properly enforced and not something that is loosely followed. If we are to take cyber security seriously, better transparency will not only help brands with their customers, as it shows they are acting responsibly, but will also help the security community work together to address these threats as a whole.

Murray Goldschmidt, COO of Sense of Security