Time is passing: Although a Fortune 500 company discovers a serious vulnerability every 12 hours, it takes less than 45 minutes for an attacker to scan a large number of vulnerabilities on the Internet to find vulnerable corporate assets.
To make matters worse, bad actors are increasing exponentially, highly skilled IT professionals are a scarce resource, and the demand for contactless interaction, remote work arrangements, and agile business processes continues to expand in the cloud environment. All this puts the organization’s attack surface—the sum of the corners and crevices that hackers can snoop—at risk.
Gene Spafford, a professor of computer science at Purdue University, said: “We have seen a series of fairly stable attacks against different sectors, such as healthcare, transportation, food supply, and shipping.” Improve. People don’t see themselves as victims until something happens—this is a problem. It’s not taken seriously enough as a long-term systemic threat.”
Organizations must understand where key entry points are in their information technology (IT) environment and how they can reduce the attack surface in a data-driven, intelligent way. Digital assets are not the only project at risk. The organization’s business reputation, customer loyalty, and financial stability all depend on the balance of the company’s network security status.
To better understand the challenges facing security teams today and the strategies they must adopt to protect their companies, MIT Technology Review Insight and Palo Alto conducted a global survey of 728 business leaders. Their response and the input of industry experts provide an important framework for protecting the system from more and more bad actors and fast-moving threats.
Vulnerabilities in the cloud environment
The cloud continues to play a key role in accelerating digital transformation — and for good reason: the cloud provides tremendous benefits, including increased flexibility, huge cost savings, and greater scalability. However, cloud-based issues accounted for 79% According to the “2021 Cortex Xpanse Attack Surface Threat Report”, the observed risk exposure is compared to 21% of local assets.
“The cloud is really just another company’s computer and storage resources,” said Richard Forno, director of the graduate cybersecurity program at the University of Maryland in Baltimore County. “It’s there, and this creates security and privacy issues for companies of all sizes.”
Even more worrying: 49% of survey respondents said that by 2021, more than half of their assets will be in the public cloud. “95% of our business applications are in the cloud, including CRM, Salesforce, and NetSuite,” said Noam Lang, senior director of information security at network security software company Imperva, referring to popular subscription-based applications that handle customer relationship management . But while “the cloud provides greater flexibility and easier growth,” Lang adds, “it also brings huge security challenges.”
Part of the problem is that IT teams can start cloud servers at an unprecedented speed. “From a security perspective, the pace at which we work in the cloud makes tracking all required security upgrades more challenging,” Lang said.
For example, Lang said that in the past, deploying local servers required time-consuming tasks, including lengthy purchases, deployment activities, and firewall configuration. “Imagine how much time our security team needs to prepare for the new server,” he said. “From the moment we decided to increase the infrastructure, it would take us weeks or months to actually implement any server. But in today’s cloud environment, it only takes five minutes to change the code. This allows us to move faster. Business, but it also brings new risks.”
download Full report.
This content was produced by Insights, the custom content division of MIT Technology Review. It was not written by the editors of MIT Technology Review.