Tombs said that the business case for cloud was clear – cloud technology makes scaling faster, smarter, and more affordable than on-premise servers.
“Operating in the cloud undoubtedly delivers significant advantages and likewise security improvements for most organisations, but with the increasing number of data breaches and cyber attacks, organisations do need to be more cognisant of what cloud security they have put in place”, Tombs said.
Tombs said that his outfit was seeing a huge uptick right now in cyber attacks, especially because many organisations that adopted working-from-home practices during the government stay-at-home orders have operated remotely.
“COVID-19 has undoubtedly amplified the susceptibility of organisations to such attacks – particularly ransomware where new COVID-19-themed strains have been introduced. Criminals will never let a good crisis go to waste and workers connecting to their corporate headquarters from home allow attackers to target companies in many more ways. These tactics have always existed, but we are seeing increased interest highlighting that criminals are indeed adapting and evolving their tactics to the new remote-access world we now find ourselves in”, he said.
He warned that cybercriminals are getting smarter about whom they’re targeting and, as a result, they are having more success getting ransoms paid. They have identified a ‘sweet spot’ of companies and sectors that aren’t doing the right things around cloud security and are going after them in the knowledge that they have no alternative but to pay up to retrieve their data. Even those sectors that are doing a better job on cybersecurity aren’t immune – the legal sector is a classic example.
A recent legal sector report entitled ‘Sector 17 – The State of Cybersecurity in the Legal Sector’ reveals that, despite excellent standards of cybersecurity, 100 percent of law firms analysed were targeted in attacks by threat actors.
Tombs said: “Some sectors have taken a trade-off approach to cyber attack risk by weighing the cost of putting in place effective security controls against the lower cost of paying a cyber insurance premium. As a result, insurance companies are being hard hit covering ransom payments and there are suggestions that they are planning to tighten up on the security standards they require policyholders to meet if they expect to be compensated in the event of a breach.
“When scoping a move to the cloud, businesses need to assess security in the context of this environment and evaluate Cloud Service Providers (CSPs) accordingly. Moving to the cloud means adopting a partnership approach to security that requires high levels of trust and transparency between all parties and these should be established at the start of the relationship.”
One of the big benefits of partnering with a CSP is the ability to access the security expertise of a business whose success depends on providing the most advanced levels of protection. Cloud providers have economies of scale that allow us to invest far more into talent and adoption of the latest innovative infrastructure protection and defence technology than any single organisation could commit financially, he said.
Due diligence around your CSP was important when entrusting core systems to a third party, and working with your cloud service provider to ensure that your cloud is secure and well maintained was required.
“It is important to recognise that high-level security concerns – like unauthorised data exposure and leaks, weak access controls, susceptibility to attacks, ransomware, and availability disruptions – affect traditional IT and cloud systems alike. As a result, a similar approach to maintaining both your on-premise and your cloud security environment should be adopted.”