SC Video: Epidemic of leaky cloud storage ‘really frustrating,’ says Trend Micro expert


Data breaches stemming from misconfigured cloud-based storage servers are utterly preventable, and it's up to the security community to educate organizations about tools that are readily available to scan for such mistakes, according to Mark Nunnikhoven, Trend Micro's VP of cloud research.

Nunnikhoven spoke to SC Media at RSA 2018, just as word had spread on Apr. 18 that 48 million records collected by social media data aggregation firm LocalBlox were left exposed on a publicly accessible Amazon Web Services S3 bucket.

The incident was just the latest in what has been an epidemic of cloud storage data leaks over the last year and beyond. Nunnikhoven himself called it a "really frustrating situation," noting that these data storage containers "are locked down and secured by default, which means every time we see a breach like this, somebody along the way has made an explicit choice, whether they realize it or not, to flip those buckets to be public."

"My frustration... working with companies in the cloud, is that there's a lot of free tools available from AWS and the other providers from the community to look for mistakes like this," continued Nunnikhoven, who said members of the security community must do more to educate users about their responsibilities and the automated tools available to them.

Nunnikhoven also discussed current ransomware trends, including the decision among some cybercriminals to drop ransomware campaigns in favor of cryptominers, which are generally simpler to employ and are quicker to generate money.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.