April 17, 2017 | Written by: Aman Mohindru
Share this post:
Hacking often conjures images of malicious criminals breaking into computer systems to steal and sell data for monetary gain. More recently, hacking has become known as a weapon that can cause public embarrassment and wreck reputations.
Cyber-extortion and the threat to expose sensitive information are on the rise. In a recent IBM report, “Ransomware: How consumers and businesses value their data,” almost half of executives (46 percent) reported that they’ve had some experience with ransomware attacks in the workplace, and 70 percent of those respondents paid to get data back.
Such threats and the news stories they generate are primary reasons why security is a top concern for businesses. However, executives at the forefront of implementing hybrid cloud strategies say they are overcoming this challenge, according to the report “Growing up hybrid: Accelerating digital transformation.” Extending the same level of security controls and best practices they have in place for traditional IT to the cloud is one way to reduce risk. Assigning business-critical work to on-premises resources is another. In fact, 78 percent of these executives say that hybrid cloud is actually improving security.
As the benefits of cloud computing — agility, innovation and efficiency — become undeniable, information security is taking on greater importance. The best defense is to cultivate security as a behavior. Technology alone cannot protect companies. There must be a cultural change in the way all employees think about security.
Expanding cloud computing
Market demands are shifting the way CIOs think about data storage and security, says Roy Illsley, chief analyst with the digital consultancy firm Ovum. Most companies still store their most sensitive data in mainframes. However, Illsley expects that to change in the next five to 10 years as consumers insist on instant access to data.
“If you’ve got everything in a mainframe and it’s stored in Frankfurt, all nice and secure, but you’ve got customers all over the world, the latency of that from someone traveling in China is probably too great to be of any use to them,” he says.
Andras Cser, an analyst with Forrester Research, says financial concerns also weigh heavily. “You can’t choose to have a legacy system because of the cost,” he says. “The cloud is so much more inexpensive. The question isn’t whether a company should move to the cloud, it’s how.”
Cloud computing is no longer limited to just the world of computer servers, data storage and networking. Increasingly, it is core to mobile devices, sensors, cognitive and the Internet of Things (IoT). As innovations like cognitive and IoT become widespread, cloud computing is seemingly everywhere.
Outsmarting the hackers
As more information is digitized, security awareness needs to increase. Hackers gain entry to secure systems via phishing attacks in which employees click on malicious attachments or visit websites that download malware onto their machines. Organizations must take a two-pronged approach to security that uses tech-based solutions, and requires workers to change how they use technology.
For instance, encryption protects email, but employees also need to be careful about what they say in their emails. It goes back to human behavior. Is that the right medium for that communication or should you just pick up a phone? That decision is made by an individual.
Many high-profile email attacks that splashed across headlines were partly the result of inadequate technology, such as not using the right email signatures, and a misguided use of the medium. It all boils down to each user’s level of security consciousness and the best practices that he or she has internalized as a behavior. The adversary is getting cannier, so security relies upon individual actions and decisions.
Security requires a strong technical defense as well. Standard defenses include encryption and geofencing, which builds a virtual fence around data and monitors employees’ comings and goings. It’s not enough to merely have such technologies on hand, however. The key is to examine how well they are configured.
Organizations need people who not only know how to secure the system, but also stay ahead of emerging threats. One positive trend: companies are beginning to work together to fight hackers.
Such cooperation shows that security has become a global issue. Never before have businesses and public personalities had a better reason to work collaboratively to thwart cybersecurity threats.