Cloud Services – A Safer Haven from Cyberattacks

Alongside the devastating war in Ukraine, intense battles are also taking place in the digital world – every day, Latvian companies and state institutions experience cyberattacks aimed at disrupting service delivery to clients or infecting computer systems with a virus. Although attacks target various objectives, cloud service users are in a better position, as they are more likely to encounter problems due to their own negligence rather than infrastructure issues.

According to data from the Information Technology Security Incident Response Institution CERT.LV, the number of commercially motivated attacks has significantly decreased and has been replaced by politically motivated attacks. Most of these are carried out from Russia and Belarus and are directed against targets in countries actively supporting Ukraine. Among these is Latvia, where denial-of-service and ransomware attacks occur almost daily. Moreover, even seemingly unrelated targets, such as sports clubs, are not spared. Under such circumstances, companies are forced to think more intensively about cybersecurity issues and seek the safest ways to store data. 

"From our experts' observations, we can say that in cyber incidents in Latvia, such as ransomware attacks, both clients who store their data in the cloud and those who store data locally have been affected. However, incidents related specifically to cloud services most often occur due to clients' own negligence or carelessness," emphasizes CERT.LV representative Madara Krutova. She adds that the most commonly observed mistakes are related to insecure access control configurations, poor management and storage of authentication data and various service keys, as well as forgotten or poorly managed development environments, which, when compromised, allow attackers to gain access to production environments. 

"Usually, the larger cloud service providers are better protected and more appropriately prepared for potential incident investigations than systems installed on a computer. Therefore, it is important to choose reliable cloud services that do not process data outside the EU, NATO, or the European Economic Area," explains M. Krutova. "From the clients' side, it is also important to pay attention to what exactly is being paid for, as a cloud service can also be just a server with computing power, but this does not automatically mean backups, long-term storage, or customized audit logs."

A recent survey conducted by the IT company Visma Enterprise found that the majority of respondents consider cloud services the most suitable solution.

61% of respondents indicate that they are relieved from concerns about purchasing or renting servers, 36% consider "clouds" a safer solution, and 28% highly value the ability to always work with the latest version of the program and receive automatic updates.

"Our experience shows that using accounting systems in the form of cloud services better protects clients from potential data loss in a cyberattack. Responsible cloud service providers store data in certified data centers and create multiple copies of the data. Even if one center suffers an attack, the data can be recovered from another. Companies that rely on their own server or even store all critical information on a single computer's hard drive may not have such options," shares Jumis developer, Jumis Pro manager Viesturs Slaidiņš.

For reasons of convenience and security, cloud services are becoming increasingly popular in Latvia. For example, among all users of the business management and accounting system Jumis, 65% have already chosen the cloud service version of the program.