Security risks within the IT infrastructure of global businesses are increasingly prevalent – and damaging. When swathes of data are separated in the hybrid or multi cloud, it can leave big open doorways for malware to walk right in.
The message I want businesses to hear is that cloud and data are not separate. IT only exists to service the needs of a business’ data. Securing cloud services – and therefore your data – is a business-critical issue.
Read on to understand:
- The limitations of AV
- The dangers of remote networks
- The cost of getting security wrong
1. Blind faith in AV
Businesses are too often putting their faith in antivirus (AV) software. This is unintentional blind faith, in my opinion. The problem with AV software alone is that it does not go far enough to protect businesses data assets; it only detects known threats and is not reliable against new variants. We speak to a lot of businesses that assume their security box is ticked, thanks to AV software alone.
But what about zero-day attacks that make up most data breaches these days? A zero-day vulnerability is a computer security vulnerability unknown by anti-virus software creators; they’ve had ‘0’ days to work on a security patch or an update to fix the issue. Zero-day attacks leverage innovative multi-layered approaches – like BitLocker encryption – that haven’t been seen before; anomalies that business software can’t easily detect and protect against without human intervention.
The need to have human and AI based security operations centers (SOC) is increasing, but the cost to implement internally is high and the skills are in short supply. This can cause complications when trying to get pay-outs from cyber security insurers – because businesses haven’t invested in a higher level of threat protection.
Against this backdrop, AV is like wearing chain mail with a gaping hole in the front.
2. Leaving doors open in our remote working world
Unsurprisingly, zero-day vulnerability is greater in our remote working world. Weaker control systems, attacks on remote working infrastructure, sensitive data accessed through unsecured Wi-Fi networks, expanded attack surfaces, the use of personal devices…The list goes on. SaaS in one corner, Office 365 and Dynamic CRM in the other. Servers, software and data – here, there and everywhere. Not to mention outdated legacy operating systems.
Businesses have previously relied on remote access virtual private networks (VPN) for users – but this creates a tunnel between devices and company networks that’s hard to secure adequately. It also means a laptop or personal device can easily become a conduit. A virus or malware can scan for open communication channels – and find its way easily into a corporate environment. If your business IT environment has modern applications, your security must also be modernised. And fast.
This is where Zero Trust Network Access can come into play to secure access to internal applications for remote users. ZTNA gives remote users connectivity to private apps without placing them on external network tunnels or exposing the apps directly to the internet.
It’s about changing the architecture to be as secure as possible for the modern way we work.
3. The financial – and reputational – costs
Under British data protection laws, for example, a company could also face a fine of up to 4% of its global turnover if it is found to have failed to have met its data protection duties by the Information Commissioner’s Office (ICO). This is not new news. But despite the serious risk this poses to a business, many organisations still have an ‘it won’t happen to me’ attitude.
Zero-day attacks – or any type of data breach – can be hugely costly for a company. We know, because we we’ve had big business customers who’ve been in this predicament (not on our watch, I hasten to add!). Add into the mix GDPR – and uninformed reliance on AV and cyber insurance and a lack of control over remote networks has landed many in trouble with the regulators. Hefty fines – and reputational damage.
Businesses that value their data need to value security, first and foremost. And that starts in the cloud.