The security landscape has radically changed and evolved over the past 10 years. Hacking has gained the same infamy as the bank heist or spy games. Today, thieves often operate online by utilizing flaws in companies’ data security infrastructure to extract valuable information.

Over the last five years, cloud computing has exploded and companies want to take advantage of the numerous benefits the cloud offers. With that in mind, it is important to understand the risks and implications of not properly apply robust security in the cloud. The top threats are always changing, whether it is a new breed of malware or a novel take on a classic social engineering attack. So far, 2016 has been a groundbreaking year in terms of the magnitude and variety of attacks.

Ransomware, an approach that infiltrates a device or network with the intent of denying the user access to files, plagued the security community across industries.  The challenge of retrieving “locked” files has forced organizations from an LA hospital to a municipal police department to pay ransom fees. While paying may seem morally uncomfortable, all too often it is the only financially viable solution. Even the bill for a security consultant to investigate an attack can cost more than the typical ransom.

Hackers already have the advantage of choosing from hundreds of potential failure points, from application vulnerabilities to human behavior. The current shortage in cybersecurity skills only augments their advantage. IT security salaries have skyrocketed, making it difficult for institutions with traditionally limited IT security budgets like hospitals, police stations, and schools to compete. Relief may come in the form of cloud-based applications, which effectively outsource elements of security for a cost-effective, user-friendly solution.

The Panama Papers data breach left law firm Mossack Fonseca reeling. The mega leak consisted of 2.6 terabytes worth of sensitive documents, almost every single file in Mossack Fonseca’s possession. The hack forces enterprises to question the security of their business partners, especially those with sensitive data like law firms. Whereas law firms may not consider themselves typical hacking targets, cybercriminals and hacktivists alike have their eyes on sensitive client data.

In companies with widespread security shortcomings, it can take an effort from the top to turn things around. If the urgency is not there, it may be because business leaders are frequently unversed in the risks of cyber attacks.  According to a recent study by Deloitte, board members are not up to speed with current security events and do not know how to prevent future disasters. Lack of technical knowledge is not the only reason. 90% of corporate executives said that they do not understand cybersecurity reports, but 40% do not even believe they are responsible in the event of a breach. This underlines the importance of a CISO to an enterprise security strategy. It is the CISO’s task to educate the board by translating cybersecurity jargon into the needs of the business.

Cloud Usage Report Template

This powerpoint template includes key slides the board will expect to see on risk from cloud usage.

Download Now