The clock is ticking: while Fortune 500 companies detect one serious vulnerability every 12 hours, attackers need less than 45 minutes to do the same when they scan the Internet for vulnerable business assets.
Worse, bad actors are multiplying, highly skilled IT professionals are a rare resource, and the demand for contactless interaction, telecommuting and agile business processes continues to expand in cloud environments. All of this puts you at risk of attacking the organization – the total number of corners hackers can get into.
“We’ve seen a fairly steady set of attacks on different sectors such as healthcare, transportation, food supply and delivery,” says Gene Spafford, a professor of computer science at Purdue University. “With each of these cases, awareness of cybersecurity has increased. People don’t see themselves as victims until something happens to them – that’s a problem. It’s not taken seriously as a long-term systemic threat. “
Organizations need to understand where the critical entry points are in their information technology (IT) environment, and how they can reasonably, data-driven, reduce the area of their attack. Digital assets are not the only risk. The business reputation of the organization, loyalty to customers and financial stability – all this is on the balance of the company’s cybersecurity position.
To better understand the challenges facing modern security teams and the strategies they must adopt to protect their companies, MIT Technology Review Insights and Palo Alto conducted a global survey of 728 business executives. Their responses along with the involvement of industry experts provide an important basis for protecting systems from a growing battalion of bad participants and fleeting threats.
Vulnerabilities in the cloud environment
The cloud continues to play an important role in accelerating digital transformation – and for good reason: the cloud offers significant benefits, including increased flexibility, huge cost savings and greater scalability. However, cloud problems account for 79% of the observed impacts compared to 21% for local assets, according to the Cortex Xpanse 2021 Attack Threat Report.
“Clouds are just another company’s computer and storage resources,” says Richard Forna, director of the cybersecurity program at a graduate of the University of Maryland, Baltimore County. “Right here, it presents security and privacy issues for companies of all sizes.”
Even more worrying is that 49% of respondents report that more than half of their assets will be in the public cloud in 2021. “Ninety-five percent of our business applications are in the cloud, including CRM, Salesforce and NetSuite,” says Noam Lang, senior director of information security at Imperva, a cybersecurity software company, referring to popular subscription-based programs. dealing with customer relationship management. But while “the cloud provides much more flexibility and easy growth,” Lang adds, “it also creates a huge security problem.”
Part of the problem is the unprecedented speed at which IT teams can promote cloud servers. “The cadence we’re working on in the cloud makes it much harder, in terms of security, to keep track of all the necessary security updates,” Lang says.
For example, Lang says, in the past, deploying local servers has involved time-consuming tasks, including a lengthy purchasing process, deployment actions, and setting up firewalls. “Imagine how much time it allowed our security teams to prepare for new servers,” he says. “From the moment we decide to increase our infrastructure, it will take weeks or months before we actually implement any servers. But in today’s cloud environment, changing the code only takes five minutes. It allows us to move business faster, but also introduces new risks. ”
Download the full report.
This content was prepared by Insights, MIT Technology Review’s own content group. This is not written by the MIT Technology Review.