
2023 is a record year for theft of personal data from the cloud. And there is only one way to defend yourself

by admin

At the end of 2022, a study conducted by Professor Stuart Madnick of MIT on behalf of Apple illustrated the “growth of threats to user data in the cloud”. The picture that emerged from the report was worrying: constantly increasing data theft, private information stolen from the cloud of hundreds of companies, out-of-control ransomware attacks.

Apple commissioned the same study from Madnick for 2023, and he published it one year after the previous one. The results can be summed up like this: it got even worse.


Horrible two years

The numbers from the study speak for themselves: 2022-2023 was a biennius horribilis, to coin a neologism that is well suited to the situation. During the first 9 months of 2023, data theft from the cloud, in the United States alone, increased by 20% compared to all of 2022. Globally, more than 360 million users have suffered theft of private data. Ransomware attacks also saw out-of-control growth: during the year they blocked entire companies and brought the operations of public institutions around the world, including in Italy, to their knees. According to the study, attacks of this type increased by 70% during the first 3 quarters of 2023 compared to the same period in 2022.

The most recent attack concerns 23andMe, a well-known genetic analysis and genealogical research company: in October, according to the most reliable estimates, cybercriminals had access to around 300 TB of customers’ personal data. In September it was the turn of MGM Resorts, the hotel-sector multinational: a ransomware attack blocked the company’s operations for days. These are just two of hundreds of reported cases, mainly in the US, Canada, the UK and Australia, but also in the Old Continent. Among the most sensational cases in Europe were the theft of 17 million pieces of data from FlyingBlue, the loyalty program platform of KLM-AirFrance, the half TB of private data stolen from the servers of the city of Antwerp, and the 24.5 million files with customer data stolen from Motel One Group.


The criminals find the door open

The growing digitalization of our lives goes hand in hand with the amount of data we pour into the cloud and entrust to company servers. It is no surprise that cybercriminals are investing in increasingly sophisticated and complex attacks to access this immense reserve of useful information, which they can resell or use to conduct new targeted attacks. But that is not the only risk: a good number of data leaks can be traced directly to companies’ inability to configure the security of their cloud systems.

In May 2023, Toyota revealed that, for approximately a decade, a database misconfiguration had exposed the private data of 2.15 million users of the ToyotaConnected service, including license plate numbers, vehicle location data and footage recorded by the cars’ on-board cameras. Microsoft too, in September 2023, had to fix an incorrect configuration that had potentially made more than 38 TB of company employee data accessible.

End-to-end encryption

So how do we defend ourselves from cloud attacks which do not concern our personal accounts so much as the companies to which we entrust our data in exchange for services that are increasingly integrated into our lives?

Aspiring to total data security, according to the report, is not a realistic path. The only solution is an ever-wider spread of end-to-end encryption: “Cyber attacks have shown that organizations are only as secure as their least secure link. In this panorama, no organization and, consequently, no individual is safe from a data breach – we read in the study – For this reason, in the last year, technology platforms and other industry operators have expanded the use of end-to-end encryption, a method of protecting data or communications by encrypting them and making them undecipherable, so that they cannot be read by third parties.”


End-to-end encryption, as the name suggests, means that data encryption and decryption can only take place at the two ends of the communication: on the users’ devices. Thus in an end-to-end messaging system, messages can only be read by the person sending or receiving the message and no one else. Likewise, end-to-end encrypting an app’s private data saved in the cloud prevents anyone else from decrypting it unless they have access to the private account or the keys contained on the end user’s device.


A business model problem

It is not by chance that many tech companies are extending end-to-end encryption to more and more services. The introduction of the system was recently announced for Messenger too, a messaging app used by hundreds and hundreds of millions of users that had remained uncovered until now.

It’s no coincidence that it is Apple that promotes a study like this and becomes the standard bearer of commercial end-to-end encryption: encrypting user data on company servers protects it not only from potential cybercriminals but also from the prying eyes of the company itself, which cannot in any way use it for profiling purposes. For companies that derive revenue from advertising and from the analysis of data collected by mostly free services (such as Meta and Google), not being able to access user data is a problem that directly affects the organization’s business model.


For companies whose fundamentals do not directly depend on profiling or on data trafficking, like Apple, it is instead simpler to propose advanced security solutions: in the case of iCloud, data from 16 categories (including messages and health data from the Health app) are encrypted end-to-end. If you want, you can activate the so-called Advanced Data Protection to extend encryption to an additional 7 categories, including iCloud backups, Photos and Notes. In that case, though, it is better to be careful: if the user loses the keys to recover the encrypted data, Apple will in no way be able to offer recovery of the information saved on its servers.
