Google’s security team have released a report outlining the active threats they have detected against their services. It includes a number of recommendations to help their users improve their security.
Here is the blog:
Coin mining, ransomware, APTs target cloud: GCAT report | Google Cloud Blog
Here is the full report:
Threat Horizons – Intel Paper – Nov 2021_Ren_V1 (google.com)
Here is a very readable executive summary:
Threat Horizons Executive Snapshot – Nov 2021 (google.com)
The two easy takeaways for businesses rather than developers are:
- As Cloud services are by nature available for anyone to log into from the internet, you should enforce Multi-factor authentication for all your users. They don’t mention this in their report but this is equally valid for Microsoft 365 or any other cloud service.
- Organisations should develop “defence in depth” strategies as this will improve you defences if one of the technical or training tools you rely on is compromised.
Defence in depth is something that is built into Octagon’s 365R product and is supported by the specialist cybersecurity training and documentation frameworks that Smart Thinking can provide for your team and board.
Clive Catton MSc (Cyber Security) – by-line and other articles