You can take a number of steps to maximize cloud security, hence yielding more protection. It is vital that the people in charge need to have a clear battle plan. Identifying who is responsible for cyber security is a good place to start. Is it the IT department, the company executives, or an outside agency? The leadership needs to designate who is in charge and responsible for the cyber security of the company. Also, it will alleviate finger-pointing if a problem occurs.
Here are some frightening cyber security facts posted by DMR:
- Cost of cyber attacks annually = $400 billion
- Percentage of US adults that suffered a security incident between Dec 2015 – Dec 2016 = 51%
- Average cost of a data breach = $6.5 million
- Number of data breaches reported in 2015 = 781 / in 2016 = 1,093
Forbes contributor, Steve Morgan, conducted a cybersecurity analysis of large companies in 2016. Here are a few of Mr. Morgan’s findings that are relevant to any organization:
- 458% increase in the number of times hackers searched Internet of Things connections for vulnerabilities. (AT&T summary)
- Malware attacks nearly doubled to 8.19 billion, with Android ecosystem being the prime target. (Dell)
- The healthcare industry was the one most frequently attacked, speeding straight past financial services and manufacturing. (IBM X-Force)
- Attacks on automobile systems will increase rapidly in 2016 due to the rapid increase in connected automobile hardware built without foundational security principles. (McAfee Labs)
- Spear-phishing campaigns targeting employees increased 55% last year. (Symantec)
Cloud Security Questions That Need Answers
Is your data safe from hackers in the cloud?
For most individuals and small businesses, the answer to this question is probably “yes,” but larger businesses are at a higher risk. Hackers are not peeping Toms; they are thieves. They want information that will yield financial gain in some way. Thieves can sell credit card data, contact information, and many security secrets if they are able to hack into the network of a large company.
Information security events that affect cloud systems are occurring with no end in sight, so it should be no surprise that the cloud should be treated as a nonsecure environment with numerous threats and concerns. The cloud has all of the same (and even more) vulnerabilities and weaknesses as other computing platforms, including configuration issues, patching and upgrade requirements (to fix weaknesses), source code issues, unauthorized privilege escalation, and unexpected downtime, to name a few. A statistical analysis of cloud security incidents over a five-year period identified 175 cloud security incidents and 12 threats to cloud security ISACA Journal
Specific policies ensure a smooth operation and avoids lapses in security. Keeping all software updated to the newest version is also a best practice.
Have you provided cloud security for your company?
The current environment is cause for alarm. Companies that neglect security are inviting disaster and failure into their operations. A good analogy is the foolish young driver who feels there is no need for a seatbelt because he is a good driver. Some companies have very smart IT staff and assume they can fix anything that may happen. Even if they can, the cost of a breach is far greater than the cost of improved security.
Do you know the top cyber security statistics that keep us up at night?
Remember, no organization is exempt from attack. As NetworkWorld stated, “a breach can happen to any organization at any time.” Whether you are a hospitality, financial, or healthcare company, vulnerabilities exist. Have no fear; IDR Group is here to help. However, before we help, here are some of the most pressing cyber security statistics to take in as an organization:
- Over 169 million personal records were exposed in 2015, stemming from 781 publicized breaches across the financial, business, education, government and healthcare sectors. “ITRC Data Breach Reports – 2015 Year-End Totals” | ITRC
- The average global cost per each lost or stolen record containing confidential and sensitive data was $154. The industry with the highest cost per stolen record was healthcare, at $363 per record. “Cost of Data Breach Study: Global Analysis” | IBM/ Ponemon
- The median number of days that attackers stay dormant within a network before detection is over 200. “Microsoft Advanced Threat Analytics” | Microsoft
- As much as 70 percent of cyberattacks use a combination of phishing and hacking techniques and involve a secondary victim. “2015 Data Breach Investigations Report” | Verizon
- 74 percent of CISOs are concerned about employees stealing sensitive company information. “SANS 2015 Survey on Insider Threats” | SpectorSoft
Steps to Protect Valuable Cloud Data
Strong Passwords Improves Cloud Security
- We all resist the need for this, but it ranks at the top for improving your cloud security. As we learned this past year in the political realm, “password” is not a good password because it is too obvious.
- Change your password regularly. Again, I hear the groans, but this strengthens the security of your information and that of your clients. This is especially true in the cloud universe.
A Team Trained to Avoid Traps Improves Cloud Security
- Only necessary employees need access to cloud information. The job should be done by capable team members. Obviously, they need to be trustworthy and reliable.
- Whoever is in charge of cloud security needs to train the team in basic security consciousness. Those with access to the cloud in your company need to be made aware of phishing, scams, viruses, etc. They do not need to be certified as IT people, but they need to be equipped to work as a team to combat hackers.
- Never download software unless by IT personnel. They should be the only people who verify legitimate software to install.
Beware of Common Mistakes That Compromise Cloud Security
- Phishing scams are a common practice of hackers. Remember, attackers will try and infiltrate you with emails that are not legit. Phishing scams are simply the sending of emails purporting to be from reputable companies in order to induce team members to reveal personal information. Bold phishing scams will request passwords or maybe even credit card numbers.
- Downloading software, especially if it’s free, is risky. Only IT personnel should download and install, and only legitimate software.
We could list other examples, but the fact is that the Internet opens gateways that thieves exploit. Please use common sense before attacks happen. IDR Group can help you and your company create a secure network that is protected internally and in the cloud. Contact us for a free consultation.