Cloud Computing Security

Cloud research: Ransomware, CISOs & new regulations

This is a contributed piece from Nigel Hawthorn, chief European spokesperson for Skyhigh Networks

Friction between business units and IT teams is commonplace. There is a perception that the two are working at cross purposes, with conflicting goals and methods, but this is hardly surprising given the structure of most organisations and the nature of traditional IT services. At the most basic level, business units simply want to do their job as effectively as possible, and want to be left to get on with it. On the other side of the coin, IT teams don’t want anyone to break their stuff and have seen it happen time and time again – which is why they enforce IT policies that make employees do certain things or stop them doing others.

This delicate balancing act is perhaps nowhere more pronounced than in relation to cloud services. As companies of every size attempt to become more efficient and cost effective, business units are increasingly moving their operations to the cloud. This trend has been reflected in the proliferation of cloud services available, with the average European enterprise now using 1,038 distinct cloud applications.

IT departments are frequently being asked to replace aging desktop applications with more agile cloud-based alternatives. In many cases, this means being caught between delivering technologies to support innovation and growth in the business and securing sensitive data against proliferating cyber threats.

Alongside the Cloud Security Alliance (CSA), Skyhigh Networks conducted a survey to discover how the role of the IT department has changed and which barriers are still preventing a seamless migration to the cloud. Key findings regarding security trends such as ransomware, the role of the CISO and new regulations such as the EU General Data Protection Regulation are outlined below.

Businesses are willing to pay a $1m ransom

Ransomware was a common trend in 2015 and is expected to remain one in 2016. Worryingly, the CSA survey revealed that nearly a quarter (24.6%) of companies would be willing to pay hackers to prevent a cyberattack. Even more troubling is that 14% indicated that they would be willing to pay an amount in excess of $1 million. This highlights the fear that many have of suffering a data breach, and it’s scary to think so many organisations would trust hackers not to follow through with an attack once a payment has been made.

The role of the Chief Information Security Officer (CISO)

Considering the impact that a major breach can have on an organisation, information security is becoming an increasingly important function. Consequently, the position of CISO has become far more popular and, according to the survey, 60.8% of organisations now have one in place to manage their information security teams.

Given that this is a relatively new position, there is growing concern about the lack of skilled individuals who can be an effective CISO. Without the security professionals needed to mitigate the risk of data loss in the cloud, businesses are unable to maximise the full value of new technologies – 30.7% of respondents view this as a barrier. Moreover, for businesses with a CISO, there remains confusion around structure. Some argue that the CISO should report to the Chief Information Officer (CIO) – 41.8% of organisations are set up in such a fashion. Others believe that the CIO’s mission to enable the business with new technology conflicts with the CISO’s mission to protect the company’s information and that, therefore, both should report straight to the CEO (32%).

New regulations

61.2% of respondents said that compliance with regulations is a major barrier to cloud migration. The upcoming EU General Data Protection Regulation, for instance, looks to have caught many companies off guard. Just under a third (31.8%) of European organisations said that they are prepared for it, and only 33.7% of American organisations are even aware of it. With new regulations coming into effect soon, these are truly shocking statistics and reveal the urgent need for IT departments, CISOs and compliance teams to work more closely to get their organisations ready.

Cloud confidence increasing

As this survey proves, barriers to cloud migration do remain, but businesses are adapting quickly to overcome them. New approaches, such as hiring CISOs or elevating the position within the business, have significantly reduced the fear that once existed around cloud security. 64.9% of respondents said they believe that the cloud is as secure as, or more secure than, on-premises software. It’s a good thing too – while the cloud continues to provide lower cost, faster implementation and a better user experience, no business can afford to ignore cloud computing.

