Is data security still an afterthought for many businesses?

IoT and cloud computing are on the increase

High-profile cybersecurity breaches are increasingly in the news, a prime example being the NHS incident of May 2017, when services were brought to a standstill for several days through cancelled appointments and operations, at great financial and individual cost. You’d expect that the desire to avoid unnecessary financial losses, liabilities and negative publicity would motivate organizations to implement appropriate cybersecurity systems in a world driven by tech and increased dependency on IoT and the cloud. Surprisingly, though, digital security is often very much a secondary consideration. A recent cybersecurity report carried out by ESG revealed that participating security professionals believed their existing tools to be inadequate for safeguarding critical cloud data, even though their employers continued to invest heavily, and with increasing speed, in cloud applications.

The same report divulged that 39% of respondents would only consider on-premises systems in exceptional circumstances. Additionally, more than half of those questioned expected around half of their data to be moved to the cloud over a 12-month timeframe, and expected that a significant proportion of that data would be sensitive. Considering that cloud-first strategies are gaining momentum because of the numerous benefits they offer, it is somewhat alarming that over two thirds of those surveyed stated that they lacked the tools within the cloud to safeguard sensitive company information. With IoT and interconnectivity becoming increasingly the norm, this raises the question: why are so many cybersecurity systems and practices not fit for purpose?

COVID-19 has accelerated the cloud migration

There’s no denying that the pandemic has accelerated the transition to the cloud, with businesses scrambling to quickly collate the necessary IT infrastructure to support home working without considering the security aspects. Many facilities managers are still of the mindset that enabling remote working is just a case of issuing login details, with little understanding of the security risks associated with home broadband equipment or the vast range of personal devices being used. What’s even more astonishing is that some believe that implementing multiple security layers slows down performance and hinders innovation on account of overcomplex procedures. Cybercriminals have been quick to capitalise on this naivety, and the daily number of cyberattacks has skyrocketed since the outbreak of COVID-19.

So, what’s going wrong?

Companies with modest IoT deployments often don’t factor in security unless they’re specifically requested to do so, because many of their end customers believe it to be overkill when weighing perceived costs against perceived risk. These short-sighted attitudes are somewhat baffling in a digital world: if cybersecurity is left unchecked, not only will it impact a business’s ability to trade, but the associated liability costs can run into millions.

While most localised IT systems have a dedicated IT security team to safeguard a company’s valuable assets, different requirements come into play when protecting assets stored in the cloud. The two biggest considerations are firewalls and data encryption. Firewalls are essential because bots and hackers will easily identify weaknesses and take advantage. Encryption is needed so that, in the event of a security breach, the data cannot be compromised quite so easily. It is also essential to have a carefully designed architecture to mitigate the risk of a security breach in the first place. More specifically:

• Include partitioning – with different levels of access control
• Enable traceability – so an audit trail can be quickly generated in the event of an incident
• Apply multilayer security – for enhanced protection and to mitigate weak spots
• Introduce proactive monitoring – so potential threats can be swiftly dealt with
• Automate manual processes to remove the risk of mishandling or modification
• Implement incident management and investigation policy and processes that align to your organizational requirements

Perception versus reality

Far too many businesses, particularly smaller ones, are of the mindset that migrating their IT systems to the cloud, where all data security matters are taken care of on your behalf, will cause unnecessary upheaval compared to the perceived risks. Others are fearful about losing control, while some are simply too overwhelmed by the prospect of change or lack the support of colleagues to make that change.

These views are somewhat naive if not dangerous because cloud companies like Amazon Web Services and other public cloud providers have invested millions in building robust cybersecurity infrastructures to protect their customers’ data, accounts, and workloads from unauthorized access whilst enabling them to operate more efficiently and cost effectively.

Cybercriminals are becoming more sophisticated all the time, so regarding cyber security as a “bolt-on” to an existing system no longer cuts the mustard. The world is reliant on digitization, and IoT and automation are gaining momentum, so businesses deciding to ignore data security will be doing so at their own peril.

By Jonathan Custance
