By Bhaskar Deep.

Think of it like this: we are storing our data in an unknown place. Is our data secure? Can they access our business data? And the chain of questions continues…

Who is Using it?  

Modern technologies play a crucial role in the challenging IT world, and many companies like Netflix and Adobe have started using serverless applications. Many businesses are considering using serverless technologies, and the growth of serverless applications has increased vastly. According to Datadog, 80% of AWS container users adopted AWS Lambda.

Why are They using it?

Serverless technology rests on two services that explain the architecture. The first is back-end as a service, where the backend runs in the cloud and is mostly operated by a third party. The second is functions as a service, where code starts running in response to event triggers.

The main reason big industries started using serverless is the fast deployment of products without customer lock-in. From the developers’ perspective, it is easy to use and deploy, low in cost, scalable, flexible and efficient, and, most importantly, it offers better UX for the best customer experience.

Security Threats 

For any type of technology, the main concern is data security. Both traditional computing and serverless computing face cyber threats. To understand this, let’s look at the top threats to serverless architecture.

·      Function data event injection.

·      Broken authentication.

·      Insecure serverless deployment configuration.

·      Over-privileged function permissions and roles.

·      Inadequate function monitoring and logging.

·      Insecure third-party dependencies.

·      Insecure application secrets storage.

·      DDoS attacks.

·      Serverless function execution flow manipulation.

·      Improper exception handling and verbose error messages.

Serverless applications are secure to use with continuous monitoring and, most importantly, secure coding for your application. We can test a serverless environment against different patterns using a damn vulnerable application that is available on GitHub, which teaches us a secure way to launch our application in serverless.

Is it safe to use serverless?

We can never say that any application is safe, but we can make it safe by following security policies. Yes, we can use serverless applications with the practice of secure coding and the continuous monitoring of security risks that cloud platforms already provide. The main motto of going live with serverless is #Secure coding.

By Amelia McGuigan (Cyber Security Student).

After the fifth text message this week inviting me to click on a suspicious link, I decided to dig a little deeper into how to avoid phishing attacks. We are continuously warned not to click on mysterious links in emails and texts, yet it only takes a momentary lapse of judgement or a well-put-together phishing email to trip us up. Phishing emails come in trends: fraudulent government tax rebates, phony bank messages and, most recently, false coronavirus vaccination offers. They rely on the messages having some relevance to our recent online activity or scaring us into making snap decisions.

Phishing vs Spear Phishing

Phishing is varied and sometimes targeted. Attackers send out messages to thousands of recipients, aiming to mislead individuals into giving away bank details or personal information, or to infect our devices with malicious software. On your work device you may find similar emails, but the motive is different. Spear-phishing is a targeted attack: a hacking organisation may try to gain access to a company’s network via an employee device or trick you into paying a fake invoice.

Tips to avoid being a Phishing Victim

Here are 3 tips to avoid phishing attacks on your personal devices.

Tip 1: If you are sceptical, go directly to the website. For example, if you receive a message from your bank stating you have made a transaction or from an online retailer asking for a confirmation of a payment method, open a new tab and log in to the official website directly. Never click the link, even if it looks legitimate.

Tip 2: Check the ‘sent from’ email address. If an email address starts with a long list of numbers and letters followed by an irrelevant domain (the name after the ‘@’ symbol), it’s highly unlikely the sender is genuine. Sometimes phishing attackers hide their email address by modifying their contact name to be more believable, but a closer inspection of contact information can reveal a lot more about a sender.

Tip 3: If you click a link, do not panic! It is rare for the link itself to infect your device immediately; it’s usually the actions you take afterwards that can cause a problem. Even if you have mistakenly entered your personal or bank details, call the bank and change any relevant passwords to help rectify the situation. But make sure to monitor your accounts afterwards and notify work if you were using a company device.
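The sender check from Tip 2, as an added example that is not part of the original article: a Python heuristic that flags a random-looking address and a contact name that claims a brand its domain does not belong to. The brand list, the domains, the thresholds and the sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Assumption: brands you really deal with and their genuine domains
# (constructed placeholder values; replace with your own).
KNOWN_BRANDS = {
    "example bank": "examplebank.com",
    "example shop": "exampleshop.com",
}


def sender_warnings(from_header):
    """Return a list of Tip 2 warning strings for one From header."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    if not local or not domain:
        return ["no usable email address in the From header"]

    warnings = []

    # A long run of numbers and letters before the '@' (assumed thresholds).
    digits = sum(ch.isdigit() for ch in local)
    if len(local) >= 12 and digits >= 4 and re.fullmatch(r"[A-Za-z0-9]+", local):
        warnings.append("random-looking address before the @")

    # A believable contact name in front of an unrelated domain.
    # Suffix match on ".real" so that lookalikes such as
    # "examplebank.com.other.example" do not pass.
    for brand, real in KNOWN_BRANDS.items():
        claims_brand = brand in display.lower()
        genuine = domain == real or domain.endswith("." + real)
        if claims_brand and not genuine:
            warnings.append(f"contact name says '{brand}' but domain is {domain}")

    return warnings


if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        "Example Bank <a8f3k29x7q41zz@mail-offers.example>",
        "Example Bank <alerts@examplebank.com>",
        "Example Shop <orders@mail.exampleshop.com>",
    ]
    for header in samples:
        print(header, "->", sender_warnings(header) or "no warnings")
```

An empty result only means these two checks found nothing; a message from a genuine-looking address still deserves the Tip 1 treatment.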