Security is trumpeted as a top concern for organisations, especially with increased investment in new technologies like mobile, cloud, and the Internet of Things. As new technologies are introduced and adversaries become more sophisticated, the threat landscape and the attack surface within organisations continues to grow. This means that not only do organisations need protection from threats, they need to protect their data and they also need to protect their reputation and brand. However, not all companies are taking the threat as seriously as perhaps they should.
Just last week two new industry reports on this subject caught my attention. The first report indicates that UK companies are still failing to protect their sensitive information against cyber-attacks. According to Big Four firm PwC, there has been a 38% increase in detected information security incidents this year, with these incidents now costing an average of £1.7m. PwC’s report found that businesses are failing to take cyber security seriously, despite noting a 24% rise in security budgets this year.
Corero Network Security also recently launched its mid-year report on the current state of DDoS attacks based on the experience of its global customers. In the report Corero stated that attackers are leveraging sub-saturating DDoS attacks with growing frequency and the attackers are using shorter attack durations to evade defences. DDoS scrubbing solutions can cause disruption in a network and are often used to distract victims while other malware penetrates networks and steals customer information and company data.
With DDoS attacks on the up (the report by Corero showed that customers experienced about 4.5 DDoS attacks per day in Q2 2015, a 32 percent increase on Q1) and malware continuing to increase (it has doubled in the first half of 2015), now more than ever companies need a safe and secure place to store sensitive data. This also means that as companies continue to try and combat the increasing onslaught of cyber-attacks, including DDoS, so they are turning more and more to their service providers to help them achieve this.
We find that today cloud initiatives are increasingly stalling or getting cancelled altogether because the security risks are deemed to be too high. This results in an uncomfortable situation for IT leaders as lines of business in their organisations are still demanding the agility, scalability and cost savings that cloud computing can deliver. IT leaders know they can’t abandon cloud altogether, the benefits are too high - and yet they also know whose head will be on the line if an outage, data loss or hacking incident was traced to a cloud workload.
The threat landscape and attack surface is only set to get worse and unfortunately, despite the scale of threats, many businesses are still not doing enough to protect themselves from what could be a financially crippling attack. My advice is make sure that you are working with a cloud service provider that can help you address security and protect your cloud workload, otherwise you could be setting your cloud projects up for failure.
By Monica Brink, Director of Product Marketing, iland