535 Connecticut Ave. Suite 104
Norwalk, CT 06854
Empire State Building
350 Fifth Avenue, 59th fl.
New York City, NY 10118

Featured Article

April 21, 2017

Is Your Business Using AWS? You Could Be at Risk

If I’ve said it once, I’ll say it again: The cloud is not a cure-all for cybersecurity. You can’t simply outsource your servers to the cloud and expect all of your problems to go away.

Consider a new study from Threat Stack, which analyzed over 200 companies using Amazon Web Services (AWS) and found that 73 percent had a critical a misconfiguration in their cloud instances that could lead to a possible security risk.

The study indicates that users are exposing their cloud instances’ Secure Shell (SSH) to the public Internet, which makes it vulnerable to attacks. According to Threat Stack CTO Sam Brisbee, it’s not a vulnerability in SSH itself, but rather a poor Security Group — or firewall— configuration that needs to be addressed.

As Brisbee explained in eWeek, the Security Group misconfiguration grants direct SSH access to any public Internet user. This is very risky, because it expands the surface area that can be attacked.

In other words, say there are 1,000 exposed systems running in an AWS environment. A hacker can use this to his or her advantage, as the attack can be spread out instead of concentrated — thus making it harder to detect an intrusion. As Brisbee told eWeek, a thousand hosts that each have a failed login is much more difficult to spot than a thousand failed logins over a single host.

Another troubling discovery from Threat Stack is that 62 percent of companies are not using a form of multifactor security to fortify their AWS cloud instances.

So while the cloud has many benefits, remember that it still requires the ongoing attention of a dedicated cybersecurity team. Regular security auditing and patching is critical for keeping cybercriminals out of your network.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York CityWhite Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

To ensure your security, consider one of our most popular services — Auditing & Documentationwhich pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.

Related Articles