As breaches become more sophisticated, firms must train for the next war, not the last battle

Businesses hit by a cyber attack must not dwell on the past but should instead fortify their organisation for the future.

Cyber-attacks are continuing to increase and evolve at an alarming rate. In just the last few weeks, we’ve seen personal data stolen from the accounts of 21 million Timehop users and 40,000 UK customers of Ticketmaster. Such breaches highlight how cyber threats are becoming increasingly targeted, with specific objectives such as the theft and selling of consumer data. As a result, traditional approaches to cyber security, such as perimeter-based security, detecting and blocking what comes in and out of the environment, won’t cut it anymore.

Cyber security should now be a strategic business priority for every CEO. The implementation of the European General Data Protection Regulation (EU GDPR) in May 2018, coupled with increasingly sophisticated cyberattacks, has raised the stakes severely, not only in terms of the immediate IT costs and risk of fines, but also from the subsequent dip in customer confidence, as research shows that security breaches can represent a permanent loss of 1.8 percent to a company’s overall value due to drops in investor confidence.

Organisations must therefore rethink their approach to cyber security to avoid considerable GDPR sanctions and protect shareholder interests, as well as share prices. But with security leaders’ time already tight, protecting a business’ data and infrastructure shouldn’t be about doing more – it’s about doing it more effectively.

So, what are the main challenges and how can they be resolved?

Threats posed to multi-cloud environments – how to stay secure

The trend toward multi-cloud (applications being deployed across two or more cloud platforms) is adding to IT leaders’ to-do list. Multi-cloud can bring many benefits. Businesses can combine private, public clouds and dedicated servers, to choose the cloud service best suited for a specific workload. They can also minimise the risk of widespread data losses by distributing information across multiple platforms.

However, it can cause security headaches. Multi-cloud means multi-security standards, which may not protect data in the same way or may offer different levels of governance. The lack of common standards means a single security solution may not cover them all equally. Businesses also need broader expertise at their fingertips, as each cloud has its own set of certifications. Investing in the training to operate each at the required standard can be cost – and time – heavy.

We’re also seeing businesses relying too heavily on signature-based technology to protect these clouds, rather than investing in more sophisticated tools. Signature-based tools are great at detecting already known threats, but will not detect the presence of an advanced attacker who masquerades as seemingly normal activity. And, without the expertise to investigate alerts and manage the technology, they can become an expensive acquisition of log file depositories and flashing warning lights.

To fully benefit from the agility, speed and utility-based cost of multi-cloud adoption, a business must first evaluate its existing security solution. It's not enough to see cloud adoption as an addition to existing security technologies and practices – businesses must adapt their entire security solution to become cloud centric, as well as ensure they’re in a position to auto-scale their solution to fully optimise the benefits of moving to the cloud.

Investing in expert skillsets and talent

Underpinning both these challenges is the issue of finding the right expertise. And, as the threat environment evolves, this will become an even bigger problem for businesses. Of course, it’s not as simple as employing more staff – as well as headcount issues, organisations will also need to invest in keeping them up to speed on each of the clouds being used and an ever-changing threat landscape. It is not just a numbers game; organisations need to find the right type of expertise to counter the challenges faced in the contemporary threat landscape.

One route is to find a partner that can support with managing data security. This shouldn’t be viewed as outsourcing in the traditional sense: businesses have the ultimate responsibility to ensure their adherence to compliance regulations. But a partner with specialist insight into both the cloud and data security can help businesses access the expertise they need to ensure multiple clouds run smoothly and threats are minimised, while keeping up to date with the attack landscape. This also frees up resource to focus on more strategic business goals such as development, innovation, policy and educating staff on security.

Businesses are also often hesitant to release details of the breach they suffered, making it hard for others to learn from what happened. A specialist Managed Security Service Provider (MSSP) partner will likely have seen many different types of breach before across multiple commercial and industry vectors, meaning they can apply this experience and improve protection.

Target-specific financial investments

Businesses also need to realise that it’s not enough to just detect a problem. They must have appropriate means in place to respond to an attack and remove the threat, with a robust and well-practiced end-to-end process. While investing in signature-based tools provides a certain level of monitoring, if the processes aren’t in place to take next steps then these efforts are wasted.

Regular backups should also mitigate or reduce the need to consider paying a ransom if a breach does occur. In addition, data encryption will provide assurance that, even if data is taken, it is protected, and pseudonymisation will help avoid personal details being leaked.

Security investments guarantee success

Technology is evolving at such a rapid rate that the parameters of security practices are in constant flux too. Security measures that were thought to be sufficient in 2017 may already be outdated, and this rate of change is only set to further accelerate this year and beyond. It is essential that businesses and their security leaders evolve with the times, adopting a security approach that combines the latest expertise, processes and technology to enable the business to operate securely, reduce risk and minimise potential impact.

Though cyberattacks are undesired, they provide an incredibly valuable learning opportunity for businesses should they occur. However, it is important that they look forward, anticipating through intelligence and research in order to pinpoint where the next attack may come from and be armed to take action. Train for the next war, not the last battle!

Danny O’Neill, Senior Cyber Security Manager for EMEA at Rackspace 
