KPMG: Do not open the front door to cloud-based threats

THE scale and severity of the COVID-19 pandemic have led governments around the world to continue imposing lockdowns and enforcing restrictions on movement.

This has led to a switch to remote working, and businesses have taken to the cloud to foster remote working environments, continue reaching their customers online and protect their data.

Cloud investment was considered the third most important technology investment during the onset of COVID-19.

The remarkable acceleration of cloud services adoption during the pandemic isn’t a temporary trend, and it is vital to ensure that these services are governed and monitored by corporate IT, risk and cyber security professionals who understand today’s emerging threats and regulatory requirements.

KPMG’s latest report, Securing the cloud, details the need for security teams to move beyond traditional approaches to effectively manage security and protect vital business assets in today’s new reality and threat landscape.

“In the rush to shift online, businesses may have taken an ‘act now, ask questions later’ approach to their digital transformation and cloud implementation. This could mean some sizeable gaps in their cloud security, leaving them vulnerable to new forms of cyberattacks,” cautions KPMG’s head of IT-enabled transformation Alvin Gan.


In addition, the KPMG/Harvey Nash CIO 2020 survey revealed that four in 10 IT leaders reported that their companies experienced an increase in cyber-attacks last year.

“Unless they begin enacting crucial steps to better govern their cloud security solutions, an attack on their system becomes a matter of ‘when’, not ‘if’,” added Gan.

Holding the threat landscape at bay requires security teams to move well beyond manual asset management and configuration, access reviews and incident playbooks.

According to KPMG, below are some key lessons and insights that can provide companies with practical steps to effectively govern cloud security solutions:

Beware of threats lurking in the shadows

A ‘shadow cloud’ concerns the use of cloud infrastructure, services and applications outside the boundaries of an organization’s corporate IT policies. These solutions will usually result in an increased risk of exposure for corporate data, personally identifiable information and intellectual property.

Organisations should enact efficient oversight and governance of cloud technology to discourage staff and stakeholders from deploying shadow cloud solutions. This includes addressing shadow cloud issues in policies and employee standards, or blocking access to unauthorised cloud-based applications.

Cloud-based e-mail — opening the front door to attacks

While cloud-based e-mail offers much-needed flexibility to businesses enduring today’s disruptive pandemic, the convenience can also unknowingly grant access to crafty hackers from anywhere, at any time. This has given rise to large-scale business e-mail compromise (BEC) attacks.

Common cloud-based e-mail services often come with a suite of authentication and monitoring capabilities as add-ons, which should be carefully maintained to effectively detect malicious activity.

Test your incident playbooks

Security teams are often reassured by the range of security monitoring tools offered as standard by cloud service providers. This could result in a false sense of security as incident response procedures look and feel different in the cloud. Thus, security teams must not be complacent and should ensure they adapt their incident response procedure to be effective in the cloud.

In such a volatile situation, maintaining customer trust is more challenging than ever before.

“Companies should move boldly and strategically to better safeguard their enterprise assets and customer data, ensuring they have the right systems and controls in place to protect their business, their customers, and avoid a cyber security breach which can result in reputational and financial damage,” concluded Gan. – Jan 19, 2021

 
