An analysis of data stored in cloud applications found that 4 out of every 100 files contains malware. Credit: Thinkstock SAN FRANCISCO — It starts out innocently enough. You’re in HR and there’s a job opening that you’re hoping to fill as quickly as possible. You send out a request for resumes, maybe on LinkedIn or another job-related site. All of a sudden you get a bunch of emails with resumes attached. So you decide to move the resumes to a cloud-based sync folder where other people on your team can access the resumes. With automated sync, the resumes are quickly and efficiently shared. But there’s one problem. One of the resumes contained malware and now everyone on your team has been infected. Welcome to the world of “fan-out” malware, says Krishna Narayanaswamy, chief scientist at Netskope. Narayanaswamy was speaking at the Cloud Security Alliance summit, which took place Monday in conjunction with the RSA Conference. His company analyzed data stored in cloud applications and found that four out of every 100 files contains malware. That spells data breaches and ransomware attacks. “The havoc it can cause is serious,” Narayanaswamy says. + NOT AT THE SHOW? See all the news as it happens + When people think about cloud security, they think about data stored with cloud service providers through conventional IT channels. But there’s another attack vector that involves unsanctioned cloud apps that may or may not be enterprise ready. In fact, Narayanaswamy says, surveys have shown that only 10% of cloud apps in the average enterprise are IT led. A full 70% are business led and 10% are user led. So, there’s plenty of business data living in the cloud that is invisible to IT. “Controls are needed to cover all clients, not just browsers,’’ he adds. In terms of best practices, he recommends five steps that enterprises should take to deal with malware in cloud-based data. It’s critical to have real-time backup of critical cloud-based content so prior versions of data can be easily accessed. That’s a great way to thwart ransomware. Enterprises need tools to look for malware in cloud data at rest. Enterprises need to identify malware and detonate it inside of a sandbox. Also, enterprises need to be constantly on the lookout for anomalous behavior. For example, lots of files moving all at once. Finally, companies need to monitor the network for data exfiltration, using DLP tools to block data from leaving the network in real time. Related content news Nvidia unveils new Blackwell systems, accelerates release of Spectrum-X networking The systems, announced at Computex in Taipei, will power what the company calls ‘AI factories’. By Lynn Greiner Jun 02, 2024 4 mins Generative AI GPUs news Singapore government pushes energy-efficient data center plan The city state is looking at greener energy sources and wants to make every aspect of data center energy consumption, from cooling to coding, more efficient. By John Leyden May 31, 2024 4 mins Energy Efficiency Data Center Design Data Center Management news Everyone but Nvidia joins forces for new AI interconnect Hyperscalers and chip makers, including AMD, Broadcom, Cisco, Google, HPE, Intel and Microsoft, are partnering to develop a high-speed chip interconnect to rival Nvidia’s NVLink technology. By Andy Patrizio May 30, 2024 4 mins CPUs and Processors Data Center news AT&T taps Cisco fixed 5G wireless gateways for WAN service Cisco Meraki devices are also part of fixed 5G wireless services from T-Mobile and Verizon. By Michael Cooney May 30, 2024 3 mins 5G Wireless Security WAN PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe