Bernard Montel, Technical Director and security strategist, at the cyber firm Tenable, suggests a hybrid solution of on-prem and cloud.
You won’t be surprised that the cloud remains one of the fastest-growing trends we’ve seen in the past few years. Ever since the covid-19 pandemic, companies are increasingly embracing the cloud. According to the findings of a commissioned survey of 100 U.K.-based cybersecurity and IT leaders, conducted in 2023 by Forrester Consulting on behalf of Tenable, seven in 10 organisations say they use multi-cloud and/or hybrid cloud environments. However, over two-thirds of respondents (67 per cent) cite cloud infrastructure as one of the highest areas of risk exposure in their organisation.
With that in mind, we’ve observed a persistent trend among businesses opting to continue to use on-prem solutions. This decision has been a constant challenge for companies since returning to work and daily life. The reluctance to rely solely on the cloud has driven companies to adopt a dual approach, leveraging both on-prem and cloud resources for enhanced security and stability.
This approach is predominantly embraced by larger organisations, while small and medium enterprises are swiftly transitioning exclusively to the cloud due to financial constraints. The balance between on-prem and cloud solutions isn’t uniformly split between big and medium-sized companies. Depending on the sector and its operational requirements, their approach varies.
Recent cyber attacks often exploit vulnerabilities across cloud resources, data, and on-prem networks due to identity misconfiguration or lapses in security protocols.
In the foreseeable future, we will likely witness a surge in companies adopting a hybrid model. While physical desktops persist across most businesses, the transition to fully virtual desktops remains a rare occurrence. The integration of on-prem software with cloud solutions will promise a fortified defence against cyber threats anticipated in 2024.
As the last decade has seen large and listed organisations accelerate their defensive capabilities with SOC teams and Identity Access Management, hackers are increasingly looking for low-hanging fruit. All too often smaller organisations security practices can be less mature offering an easy target.For threat actors, compromising these organisations can be the first layer of a successful infiltration, facilitating further incursion into third-parties. We have seen that in 2023 as SaaS organisations systems were compromised and exposed data and systems of connected organisations. Therefore in 2024, attacks on small and medium-sized organisations (SMEs) are expected to intensify, as the infancy of their cybersecurity is exploited by a booming ransomware-as-a-service industry.
The frequency of attacks on SMEs and their ripple effects will have consequences on larger organisations, as their operations act as a conduit to the firms they are servicing. This is a problem that is being addressed by the new EU directive – NISv2. The order, effective in October 2024, aims to promote a more secure business ecosystem for thousands of companies that form the UK’s critical national infrastructure, and yet a third of them are still unprepared.
Meeting the compliance standards for NISv2 will be vital for smaller organisations currently at the behest of hackers looking for easy wins. SMEs invariably pay ransoms at a higher rate due to the severe impact it has on the continuity of their business, because of their lack of recovery protocols. Forward thinking SMEs will focus on preventing attacks before they occur, weatherproofing their company against an increased pace of threat.