• Existing enterprise security stack, including security controls such as data loss protection, cannot scale to the cloud.
• New controls to secure container-based workloads, lockdown cloud configurations and encrypt data in the cloud are still being deployed.

Many organisations still do not have sufficient security for their cloud deployments despite the widespread transition to cloud computing.

Many organisations have transferred their legacy applications to infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) platforms and have also expanded their use of software as a service (SaaS) to meet enterprise application requirements, resulting in a broad distribution of sensitive information across a variety of cloud platforms.

Mohammed Al-Moneer, Regional Director for the Middle East, Turkey and Africa at Infoblox, said that the existing enterprise security stack, including security controls such as data loss protection, cannot scale to the cloud and new controls to secure container-based workloads, lockdown cloud configurations and encrypt data in the cloud are still being deployed.

As of the end of 2020, he said that many organisations have still not implemented necessary cybersecurity to protect this far more distributed user base. 

“Email, a vital and essential tool, remains the top threat vector used to attack both government and businesses of all sizes. Despite training and warnings, users continue to open suspicious emails, both in their business and personal accounts. They click on malicious email attachments and URLs and view websites not generally associated with business use,” he said.

According to Infoblox’s Quarterly Cyberthreat Intelligence Report for the fourth quarter of last year, Email, social media and collaborative software have created more vectors than ever for threat actors to target organisations while Infection from malware can result in the loss of sensitive data and open channels for threat actors to target more victims.

“Proprietary business information is at risk when workers use personal and business instances of applications such as Office 365 on the same machines, collaborate within clouds and connect to an ever-increasing number of SaaS clouds that are not work related and not sanctioned by their IT department,” Al-Moneer said.

However, he said that many cybersecurity procedures and security controls used within enterprise facilities cannot provide the same level of security for remote locations. 

Move to new controls needed

The on-premises legacy enterprise security stack will not work for remote workers without significant redesign, planning and a move to new security controls to support distributed infrastructure and cloud deployments, he said and added that Domain Name System (DNS) security can be configured to protect teleworkers but many organisations don’t yet have the additional protections and visibility that DNS security deployment would provide. 

“The same is true for expanded threat intelligence data – it can be tremendously useful, but only if you have it. The situation is further complicated by teleworkers who must use personal “untrusted” devices to access critical corporate resources and information,” he said. 

For all of these reasons and more, he said that cyber threats remain alive and well and the threat actors will innovate, adjust and sustain proven methods in 2021. 

“Rogue nation-states and organised crime will continue to build on their offensive capabilities. Accurate intelligence about timely, relevant threats enables an organisation to make thoughtful, targeted improvements to its defences and lower its risk,” he said.

Related posts:

• Board directors rate cybersecurity as the second-highest source of risk for enterprises
• World Economic Forum highlights failure of cybersecurity measures as a top “short-term risk”
• Six trends shaping the cybersecurity outlook for 2021
• Different approach to cybersecurity is needed as the current approach is unsustainable