As the number of cyber attacks on cloud platforms and applications increases, organisations need more collaboration and data visibility
Last year, the share of corporate data stored in the cloud reached over 60%, with over nine in ten companies using cloud services. Cloud technology is now all-encompassing – a foundation for organisations large and small, now enjoying myriad cloud benefits from improved efficiency to scalability, flexibility and lower IT costs.
However, the cloud is not immune to issues, especially as the number of cyber attacks on cloud platforms and applications increases. As the Government’s National Cyber Security Strategy (NCSS) highlights, “the increasing dependency of businesses, government and wider society on cloud and online services is creating new and unique vulnerabilities and interdependencies.”
The significance of this trend is highlighted in Veritas research which showed nearly six in ten UK organisations report data security issues when accessing and maintaining data in cloud environments. Concerningly, 80% had experienced a ransomware attack on their cloud data, with over a third suffering organisational downtime and financial loss due to issues with recovering their data.
80% of UK organisations experienced a ransomware attack on their cloud data
Tackling this pernicious cloud threat is a collaborative effort involving private and public organisations alike – from users, cloud service providers (CSPs), cybersecurity partners, law enforcement and government agencies. As the Global Initiative against Transnational Organized Crime urges, “no one actor has a total view of the cybercrime eco-system but through partnership governments, civil society and the private sector can work together to build a clearer picture of the threat, respond more quickly to those threats, and prevent harm to our citizens.”
No one part of this collaborative ecosystem can ensure victory against hackers alone. The problem requires a large-scale operation encompassing visibility and insight, information sharing, and technical expertise alongside the capability to sanction and penalise bad actors.
Collaborative data visibility is key to cloud security
In the same way that cybercriminals share strategies and tactics, so must those working to thwart them. Visibility lies at the heart of this battle. It is not enough to have insight into the attack strategies cybercriminals employ. It is necessary to have complete visibility into the data stored within cloud environments and the numerous access points these services might provide.
Right now, however, visibility is one of the core security factors most likely to fall down. Veritas research found that 92% of UK leaders acknowledge they need to improve their ability to track their entire data footprint. Just 57% of UK organisations say they have “complete visibility” into data stored within cloud environments.
Just 57% of UK organisations say they have “complete visibility” into data stored within cloud environments
The NCSS makes clear, ‘It is the responsibility of boards of businesses and organisations to manage their own cyber risk’. When organisations lack insight into their complete data footprint they neglect this responsibility.
Lack of data visibility poses a fundamental threat to data security – you cannot protect what you cannot see. And in the event of an attack, this also means a missed opportunity to provide law enforcement with valuable insight. If organisations cannot see their full data picture, they not only lack the ability to protect it but also to serve the broader public interest.
A lack of data visibility poses a fundamental threat to data security
In fact, the NCSS clarifies the government’s intention to step up data sharing across government and industry, including by helping businesses to share data more easily with law enforcement. This extension also includes CSPs.
As the OECD recognises, “evidence needed by police to solve a cybercrime is often held by private industry outside of police’s jurisdiction, [and there is] a lack of communication between law enforcement and service providers with regard to how to share and obtain needed evidence most efficiently.”
If CSPs are unable or unwilling to provide intelligence, lessons cannot be learned, and the perpetrators are less likely to be brought to justice. With access to data from the site of attacks, CSPs are crucial in informing decision-making and sharing insights and data related to breach points. More transparency is needed in sharing information about cyber attacks so it is easier for law enforcement to identify and prosecute those responsible.
Boosting enterprise visibility is core to thwarting vulnerability in the cloud as part of a global, collaborative strategy. As such, collaboration with global cloud data protection technology companies is also a vital part of the jigsaw. Private global cybersecurity experts are uniquely positioned to offer insight and expertise – especially those focused on ensuring full and complete data visibility across complex cloud environments.
Enterprises wishing to take their cyber responsibilities seriously need to address and maintain data visibility
From users to CSPs, cybersecurity leaders to law enforcement, each part of the ecosystem relies on complete data visibility – which is too often missing. Enterprises wishing to take their cyber responsibilities seriously need to address and maintain data visibility and control as a priority – no matter where it resides, on-prem or in the cloud.
Barry Cashman, RVP UK and Ireland, Veritas Technologies