Security strategy and employee education: critical in cloud securityTuesday, October 25th, 2016
Companies across the world are steadily shifting many business functions from their on premise IT infrastructure to the cloud, and it is no different in South Africa. While it is becoming increasingly easier to list the benefits of making the move, it is vital that companies do not ignore the security aspects.
Recent findings by consultancy company Control Risks has identified South Africa as the top target for cybercrime in Africa, given the relatively higher rate of internet penetration, GDP per capita and the lack of training provided to the country’s law enforcement agencies to deal with such crimes.
Security is an ever evolving threat landscape and as a result, partnering with experts who have experience in maintaining the integrity of a network, is key.
While the cloud services provider is responsible for protecting the basic infrastructure, businesses should not be complacent in ensuring that the fundamentals – IT policies and procedures, and regular security audits and tests – are in place.
Security is only as strong as the weakest link, and unfortunately in many cases this comes down to uninformed employees who place the company at risk. Company employees are increasingly being targeted through a variety of means designed to either trick them into providing information on phishing websites, or to click on links that result in malware being downloaded onto their computers or mobile devices.
Once an individual has compromised the network, perpetrators have access to the business’ network and the confidential information that resides on it.
Hackers are increasingly sophisticated, and attacks take on various forms from ‘whaling attacks’ which are a highly personalised form of phishing that are directed at senior management (ordinarily in the C Suite – CEO and CIOs), aimed at getting them to part with confidential company information to ‘Ransomware’ attacks that effectively encrypt and shut down a network until a ransom is paid.
Security breaches have evolved from the network perimeter. For example, over 90% of Ransomware attacks originate via email. The growing number of security issues highlights the need for businesses to engage with cloud service providers that have technologies in place to mitigate risk across cloud infrastructure as well as other areas of vulnerability, namely email and endpoint devices.
This is a view that is further substantiated by Gartner, stating that enterprises are naïve in thinking that cloud service providers are entirely responsible for their customers’ security, and that the ultimate responsibility lies with organisations to exert control over the cloud.
Cloud services delivered with the correct security measures will give the client a platform to grow their businesses.