SECURITY in the cloud is a top concern for the modern enterprise. Fortunately, provided that organisations do their due diligence when evaluating security tools, storing data in the cloud can be even more secure than storing data on premises.
However, this does require deploying a variety of solutions for securing data at rest, securing data at access, securing mobile and unmanaged devices, defending against malware, detecting unsanctioned cloud apps (shadow IT), and more. Amidst this rampant adoption of security tools, organisations often forget to bolster the weakest link in their security chain, their users.
In Asean countries, enterprises’ rapidly expanding cloud footprints make them a prime target for cyber attacks. While Malaysia is ranked third globally in commitment to addressing cyber security issues, it is also ranked sixth in the region and 33rd globally in vulnerability to cyber attacks. Unfortunately, the country’s current circumstances do not match its admirable intentions.
Nevertheless, countries like Malaysia are striving to enhance their cybersecurity efforts. A report from AT Kearney states that Asean countries spend 0.06 per cent of their combined Gross Domestic Product (or US$1.9 billion [RM7.82 billion]) on cyber security on average.
In 2017, Malaysia invested 0.08 per cent, double the .04 per cent of its neighbours in the region. Additionally, while Malaysia currently employs 6,000 cyber security professionals, the nation is seeking to reach 10,000 by 2020.
According to another survey, 96 per cent of Malaysian enterprises are only in the early stages of security preparedness. While these companies recognise the importance of cyber security, most have only deployed basic tools like firewalls and anti-virus protections for on-premises and managed devices. Nearly half lack security intelligence and event management systems for monitoring and responding to various threats. Finally, despite the fact that the weakest link in enterprise security is the non-IT employee, only 31 per cent of Malaysian companies want their workers to take part in IT security training.
Cyber criminals are constantly growing in sophistication; they leverage an ever-growing number of advanced strategies and tools in order to steal data. As such, it is critical for enterprises to employ proactive cyber security that prevents breaches from happening in the first place.
While great steps are typically taken to secure data, relatively little thought is given to the behaviours of its users. This is likely due to an ingrained reliance upon static security tools that fail to adapt to situations in real time. Regardless, users make numerous decisions that place data at risk — some less obvious than others. In the search for total data protection, this dynamic human element cannot be ignored.
External sharing is one example of a risky user behaviour. Organisations need visibility and control over where their data goes in order to keep it safe. When users send files and information outside of the company, protecting it becomes very challenging. While employees may do this either maliciously or just carelessly, the result is the same — data is exposed to unauthorised parties. Somewhat similarly, this can occur through shadow IT when users store company data in unsanctioned cloud applications over which the enterprise has no visibility or control.
Next, many employees use unsecured public WiFi networks to perform their work remotely. While this may seem like a convenient method of accessing employers’ cloud applications, it is actually incredibly dangerous for the enterprise. A malicious party can monitor traffic on these networks in order to steal users’ credentials. The fact that many people reuse passwords across multiple personal and corporate accounts only serves to exacerbate the problem.
Users place data at risk through a variety of other ill-advised behaviours, as well. Unfortunately, traditional, static security solutions have a difficult time adapting to users' actions and offering appropriate protections in real time.
In the modern cloud, automated security solutions are a must. Reactive tools that rely upon humans to analyse threats and initiate a response are incapable of protecting data in real time. The only way to ensure true automation is by using machine learning. When tools are powered by machine learning, they can protect data in a comprehensive fashion in the rapidly evolving, cloud-first world.
This next-gen approach can be particularly helpful when addressing threats that stem from compromised credentials and malicious or careless employees. User and entity behaviour analytics (UEBA) baseline users’ behaviours and perform real-time analyses to detect suspicious activities. Whether credentials are used by thieving outsiders or employees engaging in illicit behaviours, UEBA can detect threats and respond by enforcing step-up, multi-factor authentication before allowing data access.
Machine learning is helpful for defending against other threats, as well. For example, advanced anti-malware solutions can leverage machine learning to analyse the behaviours of files. In this way, they can detect and block unknown, zero-day malware; something beyond the scope of traditional, signature-based solutions that can only check for documented, known malware.
Even less conventional tools like shadow IT discovery are beginning to be endowed with machine learning. Historically, these solutions have relied upon lists generated by massive human teams that constantly categorise and evaluate the risks of new cloud applications.
However, this approach fails to keep pace with the perpetually growing number of new and updated apps. Because of this, leading cloud access security brokers (CASBs) are using machine learning to rank and categorise new applications automatically, enabling immediate detection of new cloud apps in use. In other words, organisations can uncover all of the locations that careless and conniving employees store corporate data.
To reduce the likelihood of data leakage and cyber attacks, organisations must identify everything that they need to protect, as well as the strategies that they can implement to do so. While training employees in best security practices is necessary, it is not sufficient for defending data in our high-speed business world.
Education must be paired with context-aware, automated security solutions (like CASBs) in order to reinforce the weak links in the enterprise’s security chain.
The writer is vice-president of sales for Asia Pacific and Japan for a next-gen cloud access security broker