Is cloud hackable?

Yes, hackers love the cloud!

Cloud services aren't fundamentally vulnerable because they're badly designed; they're vulnerable because they are used by people who can easily be manipulated via social engineering. For a skilled hacker, a major company’s cloud system is a treasure trove – sensitive data, including millions of bank account logins, email addresses and Social Security numbers, can be just a few clicks away. While the cloud provides unprecedented benefits to digital businesses, it can also leave customer and employee data vulnerable. If your business uses cloud services and you don't educate your staff, you might as well kiss your data and your reputation goodbye.

Major data breaches at tech giants like Yahoo, which confirmed in December 2016 that more than one billion of its email accounts were compromised in August 2013, demonstrate that no company is completely safe from a hack. Oracle, Sony, T-Mobile and Dropbox are just a few other consumer tech companies that have dealt with massive hacks in recent years. Retailers such as Target, Neiman Marcus and Home Depot have also experienced massive breaches of customer data. And the average internet user, unaware of their data’s vulnerability, has yet to take the necessary steps to protect their information.

While the technical approaches to hacking have changed radically over that time frame, the social engineering techniques needed to access information remain fundamentally the same.
"What's different in cloud from a security view is when you're renting software-as-a-service, you've given away the management of security to a third party." "Do you want to outsource the responsibility for security? You can't outsource the responsibility; you can only outsource the function. That doesn't mean security can be ignored, because in the end it's your brand and your reputation that's on the line if there's a data breach." "The big issues for a cloud-based model is the ability to largely log in from anywhere, and the fact that's mostly delivered through a browser."

"In most cases, the credentials are trivial. In most cloud environments, there's no concept of intrusion detection or prevention, and if they are there people don't know how to use them." Those technologies are also meaningless if attackers blag legitimate login credentials through social engineering. The problem with the cloud is that it simply expands the systemic vulnerabilities that have existed since the Internet was developed. The internet was built for redundancy, not security. So every single hack since then has been patched, but the vulnerabilities remain and continue to increase. Until people take back their data and assume responsibility for it, they have little recourse against the large providers.

The risk of losing key information in a cloud hack will only increase as more companies and consumers embrace the technology. A recent study by Skyhigh Networks, a cybersecurity firm, found that 18.1% of all documents uploaded to cloud-linked systems contain sensitive data. In a poll conducted last October, 27% of respondents said they or someone within their household had credit card information stolen from a store’s data servers.

With so much raw data relegated to the cloud, major firms are developing “machine learning technology” to automatically scan billions of cloud interactions for potential threats. However, hackers can steal credentials through targeted attacks. "Spear phishing is massively increasing as a primary entry point technique. However, in many cases more basic techniques, such as ringing up and pretending to be a worker who has lost their remote login credentials, can be equally effective."

What can be done for protection? Turn users into a human firewall. Invest time and money into getting users to understand why these attacks take place, that they are real, and how to resist them. Even obvious steps, like ensuring the internet connection is encrypted in public locations or using individual passwords for different services, can provide a benefit. With the rise in identity theft, malware, phishing and scam sites, users need to be more careful than ever about their cyber protection. The most important thing to do is choose strong passwords, and change them often.
