Cyber-attacks continue to increase and evolve at an alarming rate. Threats have moved beyond disruption, towards specific objectives like targeted data theft. Traditional approaches to cyber-security have been ineffective. Perimeter-based security, detecting and blocking what comes in and out of the environment, has continuously been found wanting, failing to take advanced actors or zero-day threats into account.
Minimising the impact of cyber-attacks on share prices should be a key priority for businesses in 2018. Organisations should be rethinking their approach to cyber-security now, to protect shareholder interests and avoid upcoming sanctions.
The trend toward multi-cloud (applications being deployed across two or more cloud platforms) is adding to IT leaders' to-do list. Multi-cloud can bring many benefits. Businesses can combine private and public clouds or dedicated servers, and choose the cloud service best suited for a specific workload. They can also minimise the risk of widespread data losses by distributing information across multiple platforms.
We're also seeing businesses overly relying on signature-based technology to protect these clouds, rather than investing in more sophisticated tools. Signature-based tools are great to detect already known threats, but will not detect the presences of an advanced attacker who masquerades as seemingly normal activity. And, without the expertise to investigate alerts and manage the technology, they can become an expensive acquisition of log file depositaries and flashing warning lights.
Finding the right expertise
One route is to find a partner that can support with managing data security. This shouldn't be viewed as outsourcing in the traditional sense; businesses have the ultimate responsibility to ensure their adherence to compliance regulations. But a partner with specialist insight into both the cloud and data security can help businesses access the expertise they need to ensure multiple clouds run smoothly and threats are minimised, while keeping up to date with the attack landscape. This also frees up resource to focus on more strategic business goals such as development, innovation, policy and educating staff on security.
Investing in the right places
Businesses also need to realise that it's not enough to just detect a problem. They must have appropriate means in place to respond to an attack and remove the threat, with a robust and well-practiced end-to-end process. While investing in signature-based tools provides a certain level of monitoring, if the processes aren't in place to take next steps then these efforts are wasted.
Security equals success
The exponential growth of technology has meant that the foundations of our security practices are constantly evolving. Measures that were effective in 2017 may already have become outdated, and the rate of change will only accelerate in 2018. It is important to adopt a security posture that combines expertise, process and technology to enable the business to operate securely, reducing risk and minimising potential impact.
Contributed by Lee James, EMEA CTO, Rackspace
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.