According PWC’s 2015 Global State of Information Security Survey, the total number of security incidents detected climbed to 42.8 million this year, an increase of 48% from 2013. That’s the equivalent of 117,339 incoming attacks per day, every day. In our latest webinar, How to Spend Your Cloud Security Dollar, HOSTING product manager Tricia Pattee provided insights regarding today’s cyber threats and experts tips on how to get the most out of your cloud security investments. Missed it? Read on for highlights of Tricia’s presentation. You can also view it in its entirety on-demand.
Three Reasons to Invest in Cloud Security
Breaches are expensive
Cloud security has become a top priority for IT and security executives as outside cyber threats have become more sophisticated, and internal security incidents continues to rise. With an increase in breaches and cyber attacks come an increase in the financial costs of investigating and mitigating these incidents. Respondents in PWC’s survey reported loses of $20 million or more due to these events – twice as much as in 2013. These costs include incident mitigation as well as lost business, operational disruptions, tarnished brands and fees associated with the breaches.
Internal security incidents are just as likely to occur as external ones
And the best part? While many companies focus primarily on protecting themselves from external threats, internal incidents are just as likely to occur. In fact, more than 9 out of 10 healthcare data breaches affecting 500 or more individuals published on the U.S. Department of Health & Human Services website were caused by organizations’ own employees, not hackers.
Cyber attacks occur worldwide 2 – 5 times per second
Still not convinced that your company could experience a breach? View the Norse Attack Map for info on current cyber attacks as they happen. This map shows shows real attacks in real time – approximately two to five times per second. It also provides info on the type of attack along with the location origin and attack location.
How much should your organization spend on cloud security?
If you ask your IT director this question, she will probably say, “A helluva lot more than we’re spending now.” And she’d be right. In 2014, the average information security budget dropped to $4.1 million, down 4% over last year. Today, organizations invest between 3 -5 % of their overall IT budget on security.
Information security spending is not keeping pace with increases in the frequency and costs of security incidents, despite elevated concerns about cyber risks. While organization is different, HOSTING sees customers allocating approximately 10% of their budgets to security – enabling them to successfully implement security best practices and effective tools. And a 2015 survey by ComputerWorld shows that nearly half (46%) of the respondents said that they will invest more next year in security, including: access control, intrusion prevention, identity management, and virus and malware protection.
Top 6 essentials for your cloud security spend
According to Tricia, there are six essential cloud security elements that every organization should have.
Patching ensures that your systems are up to date. As long as you keep patches up to date, it’s extremely difficult for the majority of hackers to get in. The typical web application experiences 4,250 individual attacks each year – meaning that the hacker is randomly scanning for vulnerabilities. Whereas, targeted attacks happen an average of 12 times a year. Patching will help protect your environment from the more common, individual attacks.
The majority of hackers are lazy and look for low hanging fruit, which is anything that is out of date or not patched. Regularly scanning for vulnerabilities will determine where you may have something that is outdated or requires a patch. Hackers will do their own vulnerability scan on your environment to see where they can steal information. This is a simple, low cost practice to help with basic security.
Malware detection/Antivirus software
This often comes standard with a device. However, it’s important that you don’t solely rely on the software itself. Organizations must implement security awareness training so that your employees are familiar with what to avoid when surfing the web or when they see an unusual email come through.
Backup are essential for remediating activities as well as in preventing ransomware from being effective. Ransomware is a virus that allows will encrypt your data. Hackers who initiated the virus will demand money from companies, with the promise that they will return their data unencrypted. If your implement regular backups, you won’t have to worry about your data being taken for ransom.
Threat detection includes your firewalls and intrusion detection system (IDS). Your firewall is the first step to monitoring and controlling network traffic based on your security rules. The IDS will detect anything that may get through the firewall. It uses a signature database to identify malicious activity. It also uses heuristics, to identify traffic behavior patterns that could be malicious.
Log monitoring looks for anomalies in logs, looks at privileged user abuse.
While these technologies make up a basic cloud security toolkit, they are only part of an effective cloud security program. Organizations need to train all employees on the importance of security and the role they play in it. Having the right people in place to manage the security controls and policies is a first step. However, organizations also need to have a solid, testable plan in the event that an attack or incident occurs. Finally, regular reviews and audits ensure that training, processes and tools are up to date with current security best practices.
Believe it or not, we just scratched the surface of Tricia’s webinar. View it on-demand to get even more tips on how to maximize your cloud security dollar. And contact the HOSTING team of cloud security experts anytime with your questions.