In November 2022, the Irish Times published an article with a shocking headline: Cloud reliance heightens cyber risks for Irish businesses
The article was based on findings of PwC report, which highlighted an increase in cyber-attacks and pointed fingers at the rise in outsourced IT support and cloud-based technologies. As providers of both – ouch! – it wasn’t surprising that we found the headline disturbing.
We understand the risks of cybercrime. We know all about cloud security, and it would be easy for us to dismiss the article as alarmist, but it wouldn’t be helpful. While we know the issues, it’s clear that many don’t. The PwC survey was thorough, and the stats are telling. 3,500 senior executives were questioned, including 40 in Ireland, and the majority said that since 2020, enhancing their reliance on the cloud had resulted in an increase in cyber-attacks. They pointed to data breaches, ransomware attacks, compromised email and service vulnerabilities.
But is the apparent culprit – the cloud – really to blame? That’s a question that merits a closer look.
There’s an implication in the report that it is. The article states that companies have been pushed “beyond their comfort zones … into the cloud and along supply chains that are nearly completely digital.” The suggestion is that the cloud is less secure than on-premise solutions.
The truth isn’t quite as simple as that. This is how we see it:
It’s not the cloud’s fault. It’s the company’s responsibility to ensure its security.
The overall message about cyber threats is getting through. The PwC survey found that the majority of those surveyed are continuing to increase their cyber security budgets. But perhaps the question isn’t whether businesses are spending some of their budgets on cyber security. The real issues often run much deeper.
In our experience, most companies we meet are unfortunately lax with security and it’s often the basics that are overlooked and/or an over reliance on tools. Problems generally don’t originate with the controls or from the technology, they stem from the culture, the lack of knowledge, the budget, resources and the lack of cohesive strategy.
Addressing the lack of knowledge is crucial. The key things companies need to understand are as follows:
- What is the current cyber security posture?
- What are their compliance or regulatory requirements?
- What is the technology strategy and how does this align to the business?
- How they can ensure both they and any third-party providers are secure?
- How to implement security best practices for their cloud deployments
- How to control and monitor risk.
Despite the article highlighting the rise in cyber threats, companies shouldn’t shy away from cloud solutions. The benefits are huge, but like any powerful technology, its vital to understand how to work with it safely.
If you’d like to understand more about staying safe in the cloud, we’d be happy to help.