Cloud Expo Asia saw more than 100 over vendors showcasing their latest on cloud technology and one aspect that BT is focussing for this year’s show is on security. While we didn’t manage to catch BT during the show for a video interview; Michael Kiss, Director of Complex Security Solutions, Asia, Middle East & Africa, BT accepted an interview through email discussing about security in the cloud.
According to BT and IDC’s research, they estimated 40% of organisations in APAC would have adopted a cloud first strategy by the end of this year, up from the current 18.7%. That’s not the story though – many organisations, while recognising the benefits of cloud, still have a worry regarding security due to frequent criminal activities, with as much as 18% believing that cloud adoption could be more challenging than beneficial.
BT’s approach is to think like a criminal – not adopt their ethics, mind. Crime, like business, is about ROI; if you were breaking the law I’d think that you want some benefits out of it, whether monetary or gratification. The internet ages means data is now more abundant, yet more valuable than ever. Personal information could be sold on the black market for lots of money for ID theft, fraud, extortion, deception… with money being quoted to be the most common driving factor for data theft. BT aims not to only create tougher systems that are harder to crack – but also making it more difficult for attackers to use or cash in on the information they have stolen.
Below is the interview with Michael, speaking about perceptions of cyber security and issues about the current system.
DSA: Can you expand on the typical worries that organisations have? And what, if any, misconceptions there are?
Micheal: Majority of (89%) of senior IT leaders surveyed by BT and KPMG expressed concerns about an attack by organised crime consortia, with similar percentages seeing terrorist action and state-sponsored hackers as a real danger. Although awareness of the threat has never been higher – cybersecurity now sits at the top of the boardroom agenda, and by 2020, Asia-Pacific will have splurged US$22 billion on critical security infrastructure – a majority of businesses do not comprehend the methods and motivations of these attackers: Only two in 10 (22%) respondents said they were fully prepared to combat security breaches perpetrated by organised crime.
Organisations need to wake up to the fact that the barriers to cybercrime are now lower than before - hackers can now easily create a package of malicious content and services which they then sell to the highest bidder. Often referred to as “crime-in-a-box,” this emerging, agile business model makes it easier for anyone to launch a cyberattack as long as they can pay for the package. Even though seven in 10 (71%) have procedures in place to review the tools and strategies deployed by cybercriminals, less than a third (30%) understand them.
DSA: What are some of the security measures organisations can take to secure their data in the cloud?
Micheal: Outwitting today’s cybercriminals requires a paradigm shift: IT security leaders must take the offensive and disrupt digital crime from its roots. Fighting back cybercriminals with a proactive and immediate response means organisations need to first understand the methods of these entrepreneurial criminals. Organisations can start by learning to view business as a criminal would, and start gathering intelligence on the changing criminal tactics and new threats. They must also plan and exercise cyberattack scenarios to educate the entire organisation and streamline the response process.
Many cybercriminals operate within a vast network of information sharing and collaboration - organisations can learn from this through building strategic partnerships of their own, with law enforcement and government agencies to ensure access to trusted contacts for immediate response in the event of an attack. This might mean creating the headroom for teams to participate in forums designed to respond to managed cybercrime. Another way to limit the ability of criminals to exploit company data is through collaborating with external parties who have previously suffered attempts to exploit data.
DSA: Can you tell us a bit about some of the attacks you’ve seen? And suggest mitigating actions?
Micheal: The stakes are high for businesses: Cyber-attacks cost enterprises in the region a whopping US$81 billion last year, nearly one-third of global costs. Digital crime is making it difficult for all businesses to fully exploit the new digital technologies that fuel growth and drive profit. Recent high-profile attacks on highly lucrative banks and companies in Japan, Bangladesh, Thailand, the Philippines, Taiwan and Vietnam suggest revenue losses amounting to tens of billions of dollars.
DSA: What are some of the common mistakes you see people make with regards to data security in the cloud?
Micheal: Organisations are suffering from outdated, emotional and sometimes impulsive buying behaviour when it comes to security investment. The attitudes across companies also reflect this sentiment – few can confidently say they are doing enough to prevent attacks. When asked about measures to combat security breaches perpetrated by organised crime, majority (78%) of respondents were not fully prepared. Rather than simply putting up defences and purchasing the latest technology available out there, businesses must recognise that a proactive approach is paramount, and equip themselves to be able to spot threats from afar.
DSA: What would you recommend for companies wanting to adopt a cloud first strategy? What are some of the factors they should consider?
Micheal: We see a tentative approach towards the cloud - organisations are grappling with the move to a cloud-based infrastructure. Instead of going for a high-impact overhaul of current infrastructure that drives long-term business results, they are taking piece-meal steps in implementing short-term tactical cloud projects that do not deliver in the long run. They need to recognise that enterprise cloud applications and services are designed to help businesses realise the possibilities in the cloud while substantially decreasing risks and costs.
Organisations should undertake a thorough risk analysis before deciding on their choice of cloud services. Every organisation has a different appetite for risk and this needs to be factored into the decision buying equation. Our security specialists can help organisations make the right assessment for the optimal solution to limit risks, and deliver a great performance, whatever their needs may be.