What can be done to prevent or mitigate account or service hijacking when you are using cloud services?
Account or service hijacking in the cloud is a common tactic in identity theft schemes, in which the attacker uses stolen account information to conduct malicious or unauthorized activity. Account hijacking can trigger data leaks that lead to reputational damage, brand value degradation, legal liability exposure, and disclosure of sensitive personal and business information.
Ways to prevent service hijacking:
1 - Check with the Service Provider:
Make sure there is no insider risk of account hijacking. Check with
your service provider about the background checks of the employees
who have access to your data.
2 - Secure Access:
Have a strong method of authentication for cloud app users. Dynamic
passwords, one-time passwords, or multi-factor authentication are
recommended. Restricting the IP addresses allowed to access cloud
applications can be another way to secure access.
3 - Encrypting Sensitive Data:
Encrypt sensitive data before it goes to the cloud. Make sure that
the encryption key is stored separately from your encrypted
data. Also, this may not protect against an insider attack, so it is
better to handle the encryption key yourself.
4 - Have Security Layers and Backups:
Having a security platform that looks after end-to-end encryption and
application control boosts the defence of the service. The ability to
control, or block, risky data activity based on behavioural and
contextual factors involving the user, event, and data access type
will further extend the security layers in place.
Also, make sure all of your data is securely backed up in case
your data is lost in the cloud.
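The two controls from step 2 (one-time passwords and IP address restriction) can be combined in a single access check. The sketch below is an added example, not part of the original answer; the allowlisted network, the shared secret (the RFC 6238 test secret), and the function names are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed sample values (assumptions, not from the page).
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range
SHARED_SECRET = b"12345678901234567890"  # RFC 6238 test secret, not for real use
STEP = 30  # seconds per TOTP time step


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def ip_allowed(source_ip: str) -> bool:
    """True only if source_ip parses and falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # malformed address: fail closed
    return any(addr in net for net in ALLOWED_NETWORKS)


def check_access(source_ip, submitted_code, unix_time, last_used_step=None):
    """Return (allowed, reason, accepted_step) for one login attempt."""
    if not ip_allowed(source_ip):
        return False, "ip_not_allowed", last_used_step
    current = unix_time // STEP
    for step_no in (current, current - 1):  # tolerate one step of clock drift
        if last_used_step is not None and step_no <= last_used_step:
            continue  # a code from this step was already accepted: reject replay
        expected = totp(SHARED_SECRET, step_no * STEP)
        # Constant-time comparison avoids leaking digits through timing.
        if hmac.compare_digest(expected.encode(), submitted_code.encode()):
            return True, "ok", step_no
    return False, "bad_or_replayed_code", last_used_step
```

The caller stores the returned `accepted_step` per user and passes it back as `last_used_step` on the next attempt, so a captured code cannot be reused inside its validity window.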