Memories of HSE attack haunt Irish IT leaders as the spectres of ransomware, malware, data loss/theft and access from dark web remain top security risks.
The dark web remains a concern for almost a third (32%) of IT leaders employed by enterprises across Ireland.
The high profile ransomware attack on the HSE where administrators were effectively locked and there was a scramble to lock down systems is still an all-too recent memory for many.
“The threat landscape is more sophisticated and relentless than ever, with attacks coming from various directions and through different channels”
The porous nature of networks that include smartphones and wireless routers as nodes aligned with the trend of hybrid working not to mention a distinct lack of awareness among ordinary staff of threats lurking in every email and communication presents a perfect storm of opportunity for hackers and data thieves.
The research revealed what IT leaders view as the security risks associated with cloud computing, with the top five being ransomware/malware (33%), data loss/theft (33%), access from the dark web (32%), account hijacking (31%), and phishing/social engineering attacks (29%).
More than a quarter (27%) see lack of staff awareness as a cybersecurity risk associated with cloud computing and a similar proportion (26%) cited human error. Some 23% also said malicious insiders.
Locking down the cloud
The study revealed that configuring cloud properly and securely is proving to be a challenge for 40% of enterprises, with almost half (47%) of respondents admitting that IT security risks are a main concern around cloud adoption and management. Furthermore, some 29% said they have limited or no visibility of their workloads in the cloud.
On the other hand, more than a quarter (27%) of IT leaders say they are using cloud computing to enhance their organisation’s security standing. Moreover, some 24% have documented workflows so cloud security incidents are responded to consistently and a similar proportion (22%) have a standardised and automated incident response strategy in place for same.
However, in-house skills do appear to be a weak spot with less than a fifth (18%) of enterprises having experienced individuals in their team who know what to do in terms of cloud security incidents and one in ten (11%) outsourcing this part of their IT as they lack the in-house skills.
In keeping with this, the study found that 31% of IT leaders are concerned about the lack of in-house skills when it comes to the adoption and management of cloud computing, with almost half identifying cloud and cybersecurity as the two areas where in-house staff most need to be upskilled (48% respectively).
“Cloud has the potential to transform how a business operates, while also benefitting productivity, security and growth,” said Donal Sullivan, chief technology officer, Auxilion. “However, the IT foundations and skills need to be in place for organisations to realise and capitalise on the potential of cloud. If they are not, businesses will lose out on the value of cloud and also leave themselves open to risk.
“The threat landscape is more sophisticated and relentless than ever, with attacks coming from various directions and through different channels. Combined with a hybrid workforce, companies need to ensure their IT infrastructure and strategy is resilient.
“For some, that means establishing a more coherent cloud security incident response strategy. For others, it means outsourcing to an expert partner. Companies must therefore identify not only the cloud infrastructure and approach that works for them but also any skills gaps or additional solutions they need. In turn, they can make a success of – and drive success with – cloud,” Sullivan added.