SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
How safe is an organisation’s data from security breaches?
Wed, 23rd Feb 2022
FYI, this story is more than a year old

The urgency of data security and privacy can't be overstated. In 2021, the global average cost of a data breach was US$4.24 million, representing a 9.8% increase over 2020. Yet the immediate costs are a trifle compared to the incalculable, lasting brand, reputation, and business damage that a data security incident causes.

Risks associated with information security threats increase minute by minute. Bad actors with malicious intent continuously evolve their strategies and attempt increasingly creative and sophisticated security breaches. The constant potential threat of cyberattacks and security breaches can be taxing on IT teams and organisations that need vigilance, resources, talent, and educational resources just to stay ahead.

The number of potential attackers is also expanding to include not only independent attackers and small groups but also state-sponsored hacking organisations that are much better organised and funded. Moreover, these larger groups can afford to devote multiple resources to breach the defences of small and large organisations over a long period of time - a level of commitment attackers once reserved only for the most strategic targets.

Unless an organisation maintains an environment that prohibits any external internet access, odds are they have already suffered a successful attack of some type, even if it's something as simple as the unauthorised release of some personal data. As former Cisco CEO John Chambers once put it, "there are only two kinds of companies: Those that were hacked and those that don't yet know they were hacked."

This isn't the internal IT organisation's fault. Today's business environment demands a level of agility and efficiency that requires organisations to open their networks in ways that would have been unimaginable until recently. That openness, while essential for keeping a business competitive, has made the job of maintaining a secure network even more difficult.

SaaS solutions offer a safe, secure environment to protect an organisation's digital resources. In a SaaS solution environment, the service provider manages infrastructure and application security, whose dedicated resources can continuously monitor systems for security breaches and threats. This, in turn, enables a faster response to any potential problem or identified security risk.

Industry-leading cloud service providers invest millions of dollars every year on their internal security measures, including:

  • Training and tools to analyse existing services 
  • Constant updates to multiple levels of protection (including network- and host-based detection and protection) 

The ability of industry-leading cloud providers to safeguard their customers' valuable data requires investments and available resources that most organisations cannot afford. Moving to a cloud service can allow an organisation to isolate and protect its internal networks and the valuable data it stores on internal systems.

In the current era of end-to-end value chain collaboration, third-party vendors and suppliers often require integration with an organisation's enterprise resource planning (ERP) system. If that ERP system is hosted in a cloud service, vendors and suppliers will never need to connect to the organisation's internal network. As a result, multi-tenant cloud customers enjoy less risk because security and uptime are dramatically better when managed by world-class experts.

A cloud environment is only as secure as the weakest link in its security chain. Therefore, organisations should employ a "defence-in-depth" strategy - multiple layers of overlapping security to safeguard customer data through each chain link. These security controls should be enforced by specialists who continuously monitor and improve the security posture to stay ahead of threats and vulnerabilities.

Article by Infor ANZ vice-president and managing director Jarrod Kinchington.