Intelligent Business Steps to Ensuring True Cloud Security and Resilience

Recent cyberattacks have turned attention to the rising dangers of cybercrime and unexpected vulnerabilities inside and outside organizations. Threat actors are targeting specific verticals and vulnerabilities, and they are targeting the same companies repeatedly, often multiple times a month. The onslaught is relentless.

However, organisations need to use these lessons and insights to prepare for what lies on the threat horizon and avoid being caught in a compromising position.

For organizations, balancing the complexities of compliance, risk mitigation and governance regulation is a challenge that they must navigate with resilience and caution to ensure they can both survive and thrive.

According to NTT’s 2021 Global Threat Intelligence Report, the finance, manufacturing and healthcare industries experienced the most attacks in 2020.

Manufacturing increased from 7% to 22% of attacks, healthcare from 7% to 17% and finance from 15% to 23%. These were broken down across web-application, application-specific and network-manipulation attacks for these sectors, and the numbers show a sharp focus on cloud and application attacks.

In healthcare, these attacks were categorized as web application (62%), application specific (36%) and network manipulation (1%). For manufacturing, it was web application (27%), application specific (50%) and reconnaissance (19%), and for finance it was web application (16%), application specific (68%) and distributed denial of service (8%).

These industries stand to benefit from robust and flexible cloud security that helps them to manage their posture more effectively and achieve security and business resilience. But this doesn’t mean that other markets can rest on their laurels. The future of resilience for all organizations lies in how cloud security can adapt and deliver business agility.

There are three security steps all organizations should consider as they move toward cloud security and resilience:

1. Recognise the true weight of the threat landscape

The 2021 Global Threat Intelligence Report analyses threats across sectors, and made key findings on what is shaping the security landscape. The first is that miners and Trojans are replacing spyware as the most common malware family. This threat is evolving and becoming increasingly diverse with a rise in multifunction malware. In addition, cryptocurrency miners represented 41% of malware detected in 2020. Coin miners accounted for 74% of all malware in Europe, the Middle East and Africa.

The pandemic continues to leave a mark as it encourages advanced persistent threat (APT) groups to increase their espionage, sabotage and cybercriminal operations. This is driven by the increase in flexible working conditions, with remote and work-from-home access points heightening the risk of web and application attacks.

As companies go virtual, attacks move with them – and there has been a marked increase in application-specific and web-application attacks. Finally, the new normal defined by the world as the post-pandemic way of work is more accurately defined as the post-compliance-and-regulation way of work. Data privacy and protection regulation are global, and restrictions and compliance requirements are increasing. Organizations are under pressure to comply to avoid paying hefty financial and reputational fines.

2. Focus on building resilience through security and technology

Organizations need to continually adapt to market changes and to evolving customer expectations with flexible and agile approaches to ensure business continuity. They need to proactively tackle security and resilience by design, focusing on tools and technologies that help them to refine their operating models, fully realise the potential of their data, and effectively mitigate risk.

Security and threat intelligence tools are critical in the digital world and proactive resilience is focused on meeting industry-specific objectives and requirements.

Staying ahead of the threats is one thing, but ensuring that an organization is resilient enough to cope with an active threat is another. Secure by design ensures that security is embedded into the organization and its resilience outlook and strategic goals. This translates to securing your infrastructure in intelligent ways so your organization can remain focused on value and transformation. It’s the smart way for an organization to remain firm in its customer engagements and digital investments without compromise.

3. Empower the organization

Throughout the security conversation, most decision-makers are concerned that the endless loops of security will limit productivity and opportunity. This is a relevant narrative. Organizations want to know how they can empower themselves to make informed decisions without losing sight of their security posture or compromising on regulation or resilience.

There’s a cycle that organizations can follow to ensure security and resilience within cloud investment. First, position security and resilience as strategic within the organization, then prioritize people and processes as you embrace “secure by design”.

Next, adopt existing cybersecurity frameworks and standards, and prioritize continual monitoring to ensure these remain up to date and relevant. Finally, return to positioning these as key parts of your business strategy and repeat. This is a cycle of intelligent thinking that allows the organization to rethink its approaches in ways that get the right results.

This leaves the organization with a reduced risk of data breaches or reputational damage; the ability to leverage security as a business enabler; and an architecture that can scale without introducing risk. Such a mature cloud and security posture allows for continued transformation, secure DevOps processes and applications, improved compliance and the creation of business value by aligning security with strategy.

Read more about Multicloud as a Service.

Neal Botje is Principal Practice Head: Cloud Security at Dimension Data