Collaboration between private and public sectors and increased visibility are crucial in combatting cloud attacks, says Barry Cashman, RVP UK and Ireland, Veritas Technologies.
Cloud technology has become ubiquitous, serving as the foundation for organisations of all sizes, and offering various benefits such as increased efficiency, scalability, flexibility, and reduced IT expenses. However, the cloud is not immune to issues, especially as the number of cyber attacks on cloud platforms and applications increases. As the Government’s National Cyber Security Strategy (NCSS) highlights, “the increasing dependency of businesses, government and wider society on cloud and online services is creating new and unique vulnerabilities and interdependencies.”
The significance of this trend is highlighted in Veritas research which showed nearly six in ten UK organisations report data security issues when accessing and maintaining data in cloud environments. Concerningly 80 per cent had experienced a ransomware attack on their cloud data, with over a third suffering organisational downtime and financial loss due to issues with recovering their data.
Tackling this pernicious cloud threat is a collaborative effort involving private and public organisations alike – from users, cloud service providers (CSPs), cybersecurity partners, law enforcement and government agencies. As the Global Initiative against Transnational Organized Crime urges, “no one actor has a total view of the cybercrime eco-system but through partnership governments, civil society and the private sector can work together to build a clearer picture of the threat, respond more quickly to those threats, and prevent harm to our citizens.” No one part of this collaborative ecosystem can ensure victory against hackers alone. The problem requires a large-scale operation encompassing visibility and insight, information sharing, and technical expertise alongside the capability to sanction and penalise bad actors.
In the same way that cybercriminals share strategies and tactics, so must those working to thwart them. Visibility lies at the heart of this battle. It is not enough to have insight into the attack strategies cybercriminals employ. It is necessary to have complete visibility into the data stored within cloud environments and the numerous access points these services might provide.
Right now, however, visibility is one of the core security factors most likely to fall down. Veritas research found that 92pc of UK leaders acknowledge they need to improve their ability to track their entire data footprint. Just 57pc of UK organisations say they have “complete visibility” into data stored within cloud environments. The NCSS makes clear, ‘It is the responsibility of boards of businesses and organisations to manage their own cyber risk’. When organisations lack insight into their complete data footprint they neglect this responsibility.
Lack of data visibility poses a fundamental threat to data security – you cannot protect what you cannot see. And in the event of an attack, this also means a missed opportunity to provide law enforcement with valuable insight. If organisations cannot see their full data picture, they not only lack the ability to protect it but also to serve the broader public interest. In fact, the NCSS clarifies the government’s intention to step up data sharing across government and industry, including by helping businesses to share data more easily with law enforcement. This extension also includes CSPs.
As the OECD recognises, “evidence needed by police to solve a cybercrime is often held by private industry outside of police’s jurisdiction, [and there is] a lack of communication between law enforcement and service providers with regard to how to share and obtain needed evidence most efficiently.”
If CSPs are unable or unwilling to provide intelligence, lessons cannot be learned, and the perpetrators are less likely to be brought to justice. With access to data from the site of attacks, CSPs are crucial in informing decision-making and sharing insights and data related to breach points. More transparency is needed in sharing information about cyber attacks so it is easier for law enforcement to identify and prosecute those responsible.
Boosting enterprise visibility is core to thwarting vulnerability in the cloud as part of a global, collaborative strategy. As such, collaboration with global cloud data protection technology companies is also a vital part of the jigsaw. Private global cybersecurity experts are uniquely positioned to offer insight and expertise – especially those focused on ensuring full and complete data visibility across complex cloud environments.
