Tesla has reportedly had its cloud-based storage account hacked, which a cyber security firm has claimed is a prime example of why all businesses need to actively monitor their security controls.
Coming into force from 22 February 2018, the mandatory data breach reporting rules will require virtually all businesses, regardless of size, to report a breach of their system, such as this latest attack on car and technology manufacturer Tesla.
US media is reporting the company, headed by larger than life tech billionaire Elon Musk, had its Amazon Web Services account hacked, with the infiltrators using it to mine for cryptocurrency.
Tesla has been contacted for comment.
Murray Goldschmidt, COO at Sense of Security, suggested that if the likes of a large tech-savvy company like Tesla can be attacked, then SMEs are much more vulnerable and as such have an even greater need to monitor their security controls.
“There are an increasing number of reports of businesses being hacked through third-party cloud providers, with Tesla being the most recent high-profile case,” said Mr Goldschmidt.
“Cloud systems tend not to be covered in risk audits because the providers fall outside of the company’s network, but more often than not, this is how hackers manage to infiltrate businesses.”
He said the vulnerability with using cloud storage providers – a popular and cost-effective solution for smaller businesses – is that the lines of responsibility are blurred.
“In cloud deployments, there is always a shared responsibility model. That is, what are you responsible for, and what is the provider responsible for in terms of security,” Mr Goldschmidt said.
“Cloud platforms provide the building blocks for organisations to build, configure and deploy their systems. Frequently, companies are compromised through poor configurations that are within their control, but not necessarily assessed or viewed at appropriate frequency.”
He added: “Businesses who don’t do their due diligence in assessing their cloud service provider against their cyber security policies, or the businesses’ implementations within cloud environments, run the risk of facing fines of up to $1.8 million under the new laws set out by the Notifiable Data Breaches Scheme.”
Adam Zuchetti is the editor of My Business, and has steered the publication’s editorial direction since early 2016.
- ‘Don’t assume how employees will react to redundancy’
By Simon Rountree
- Customers behaving badly: ‘My time is worth more than yours’
By Adam Zuchetti
- What businesses can learn from Sir Roger Bannister
By Adam Zuchetti