
Why Does “Moving to the Cloud” Make Cybersecurity More Important—Not More Secure?

Cloud computing offers high scalability, lower costs, and rapid deployment, enabling enterprises to expand services quickly.
However, “not hosting data in your own data center” does not mean risks disappear. On the contrary, the attack surface becomes larger and more complex.

Most cloud security incidents do not result from cloud service providers (AWS, GCP, Azure) being compromised. Instead, they are mainly caused by:

  • Misconfigured permissions

  • Weak access controls

  • Leaked credentials or API keys

  • Human error and operational mistakes

Understanding the cloud security responsibility boundary and technical protection mechanisms has become a core competency for modern IT and cybersecurity professionals.


Core Concept of Cloud Security: The Shared Responsibility Model

1. Responsibilities of the Cloud Service Provider

  • Physical security of data centers

  • Network infrastructure

  • Host hardware and virtualization layer

  • Stability and security of the cloud platform itself

2. Responsibilities of the Customer

  • Identity and Access Management (IAM)

  • System and application configuration

  • Operating system and application patching

  • Data access control and encryption

  • Auditing and monitoring


Common Cloud Security Risks

Improper Identity and Access Management (IAM)

  • Excessive permissions

  • Using root/admin accounts for daily operations

  • API keys not rotated regularly

Once these issues occur, attackers can operate cloud resources “legitimately” using valid credentials.


Publicly Exposed Storage Services

  • Unsecured object storage (e.g., S3 buckets)

  • Accidentally setting internal data to Public Read / Write

This has been the most common and lowest-barrier cause of cloud data breaches for years.


Insufficient Network-Level Protection

  • Overly permissive Security Group / firewall rules

  • Management interfaces directly exposed to the public internet

  • Lack of traffic monitoring and anomaly detection


Lack of Logging and Monitoring

  • No logs means no forensic capability

  • No monitoring means intrusions cannot be detected in time


Recent Cyberattacks Targeting the Energy Sector (From Cybersecurity News Reports)

  • One of the earliest cases involved attacks on Poland’s power infrastructure. Investigations revealed that the primary targets were Distributed Energy Resources (DER) devices, using data-wiping malware to conduct destructive attacks.

  • Microsoft also disclosed threat actors combining Adversary-in-the-Middle (AiTM) attacks with Business Email Compromise (BEC). The attackers used SharePoint file-sharing services to deliver phishing payloads and leveraged email inbox rules to make the attacks difficult for users to detect.

  • Cybersecurity firm Aikido reported a supply chain attack targeting Visual Studio Code developers. A malicious extension named Clawdbot, disguised as an AI coding assistant, was published on the Visual Studio Code Marketplace. Analysis confirmed the extension contained malicious code that installed the remote management tool ConnectWise ScreenConnect, granting attackers full control over infected systems.

Source:
https://www.ithome.com.tw/news/173656


Key Cloud Security Technologies and Recommended Enterprise Practices

Strengthening IAM (Identity and Access Management)

  • Enforce the principle of least privilege

  • Enable multi-factor authentication (MFA)

  • Regularly review and remove inactive accounts


Data Encryption

  • Encryption in transit

  • Encryption at rest

  • Centralized key management

  • Avoid hardcoding keys in source code


Network Segmentation and Isolation

  • Deploy core services in private subnets

  • Restrict management interfaces by IP address

  • Use Web Application Firewalls (WAF) to defend against common web attacks


Monitoring and Threat Detection

  • Configure alerts for abnormal behavior (e.g., unusual logins, traffic spikes)


Automation and Compliance Checks

  • Automatically detect misconfigurations

  • Perform regular vulnerability scans and penetration testing
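A misconfiguration check of the kind this section recommends, aimed at the accidental Public Read / Write exposure described under Publicly Exposed Storage Services. This is an added example, not code from the original article; it assumes bucket ACL and bucket policy documents in the shape AWS returns from GetBucketAcl and GetBucketPolicy (the sample data below is constructed) and evaluates those documents offline rather than calling the cloud API.

```python
import json

# Well-known AWS ACL grantee URIs that make a bucket world-accessible
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl):
    """(permission, grantee URI) pairs in a GetBucketAcl-shaped dict that expose the bucket."""
    return [(g["Permission"], g["Grantee"]["URI"]) for g in acl.get("Grants", [])
            if g["Grantee"].get("Type") == "Group" and g["Grantee"].get("URI") in PUBLIC_GRANTEE_URIS]

def _is_wildcard_principal(principal):
    # Both "*" and {"AWS": "*"} (or a list containing "*") mean "anyone"
    if principal == "*":
        return True
    aws = principal.get("AWS") if isinstance(principal, dict) else None
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def public_policy_statements(policy_json):
    """Allow statements with a wildcard Principal and no Condition in a GetBucketPolicy document."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a policy may carry a single statement object
        statements = [statements]
    return [s for s in statements if s.get("Effect") == "Allow"
            and _is_wildcard_principal(s.get("Principal")) and not s.get("Condition")]

def audit_bucket(name, acl, policy_json=None):
    """Human-readable findings from both checks; an empty list means no public exposure found."""
    findings = [f"{name}: ACL grants {perm} to {uri}" for perm, uri in public_acl_grants(acl)]
    for s in (public_policy_statements(policy_json) if policy_json else []):
        findings.append(f"{name}: policy allows {s.get('Action')} to any principal")
    return findings

# Constructed sample input (placeholder bucket and IDs) showing an accidental Public Read/Write ACL
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "WRITE"},
]}
# Constructed policy: the first statement is public; the second is IP-restricted, so it is not flagged
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
]})

if __name__ == "__main__":
    print(*audit_bucket("example-bucket", SAMPLE_ACL, SAMPLE_POLICY), sep="\n")
```

In a real deployment the ACL and policy documents would be pulled per bucket from the provider API and the findings fed into the alerting described under Monitoring and Threat Detection.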


Conclusion: The Cloud Is Not Insecure—Security Responsibilities Are Reallocated

Mature cloud security does not pursue “zero risk.” Instead, it aims to keep risks under control while ensuring internal stability, data trustworthiness, and sustainable system operations.