Top security trends that will impact consumers and enterprises in 2019: Trend Micro report

Advancements in artificial intelligence (AI) and machine learning are going to be the top trends in 2019 to impact technology and security. These trends will be driven by growth in the volume of data that is processed and analyzed, rapid adoption of cloud, and development of smart products. Additionally, the fifth generation of internet (5G), which is expected to roll out in 2020, will also impact technology and security.

Trend Micro, the leading cybersecurity and defense firm, released a new report titled “Mapping the Future: Dealing With Pervasive and Persistent Threats”, which includes security predictions for 2019 and beyond. For these predictions, the experts at Trend Micro analyzed the progress of current and emerging technologies, user behavior, and market trends, as well as their impact on the threat landscape.

Top Cyber Security Predictions for 2019

Among its cybersecurity predictions for 2019, Trend Micro said that actual fraud using stolen credentials will rise, more lives will be claimed because of sextortion, and countries will witness more collateral damage. Further, cyber propaganda and fake news will decide the future of countries.

The following are the key findings and highlights of the Trend Micro Security Predictions for 2019.

  • Cases of phishing to rise in 2019

Phishing attacks are cyber threats in which attackers try to win the trust of users by pretending to be a trustworthy person. They obtain sensitive information from users and use it to carry out the attack. Over the years, attackers have been trying to carry out phishing attacks that need little activity from users, so that they can do their work easily.

As per the report, phishing attacks are on the rise and will continue to increase in 2019. The phishing attacks will be observed in emails, SMS, messaging accounts, online banking credentials, and accounts used for cloud services.

  • Cybercriminals will target famous YouTubers and other social media personalities

Attackers will target the social media accounts of users having millions of followers. Accounts of famous YouTubers, brand influencers, and other famous personalities with several million followers are more likely to be compromised using phishing attacks.

Cybercriminals will use these accounts to attack the followers by making them join campaigns for DDoS (distributed denial of service) or cryptocurrency mining.

The stolen credentials can also be used to register in various rewards programs that can make money for attackers. The report highlights that attackers can also use stolen accounts for registration of trolls on social media for cyber propaganda.

If the attackers get access to numerous social media accounts, they can use them to add fake votes to polls and for other malicious purposes.

  • Work-from-home devices will become entry points for attackers into the enterprise network

Remote-working culture is trending among enterprises, as more employees are choosing to work from home. In 2016, around 43% of employees in America were working from home, up from 39% in 2012, according to Gallup.

This culture affects enterprises' visibility into data movements. When employees use their home internet connection for cloud-based applications and collaboration software, the company's IT team can't control those devices the way it does devices within the company.

Hence, remote devices sometimes sit on a mix of personal and enterprise networks. Since personal devices don't have security as strong as enterprise devices, attackers can enter the enterprise network through these remote devices.

  • Non GDPR-compliant enterprises will be penalized

The EU's General Data Protection Regulation (GDPR), which came into effect this year, hasn't exercised all its new powers, as most companies needed more time to comply with the law. But the regulation will need to be strictly followed in 2019, or companies will be penalized the full 4% of their annual revenue.

To properly comply with all the points of GDPR, companies will need to rethink their data privacy and security technologies. Trend Micro expects that by 2020, around 75% of new enterprise apps will need to choose between compliance and security.

“While privacy and security are not mutually exclusive, efforts to ensure data privacy compliance will have a detrimental effect on a company’s ability to adequately determine the source and details of a security threat,” explained Trend Micro in its report.

  • Emails of C-level executives will be compromised

One of the primary ways for attackers to make money is to compromise business emails. As a result, they will go further down the company hierarchy. They will focus on the assistants or secretaries of C-level executives, or a manager in the finance department.

  • Cybercriminals will blackmail non-compliant enterprises

GDPR will open a new source of income for cybercriminals. How? They will look out for companies that are not compliant with the regulation. If they find a non-compliant company, they will blackmail it and demand a ransom, threatening to expose its non-compliant status otherwise.

These are some of the key findings of Trend Micro’s Security Predictions for 2019.  The full report is available here.


Top 5 priorities to master competencies in selecting, buying and deploying cloud services

One of the most complicated processes for enterprises is selecting, buying, and deploying public cloud services and tools while avoiding the pitfalls.

Since there are numerous cloud providers out there, the infrastructure and operations (I&O) leaders find it difficult to select the right cloud provider. Also, no two cloud providers are the same.

“Choosing and managing cloud offerings is a critical skill for I&O leaders to master, given cloud computing’s central role in next-generation initiatives such as digital business, the Internet of Things (IoT) and artificial intelligence,” says Elias Khnaser, Senior Research Director at Gartner.

“Years from now, you don’t want to look back with regret, as the choices you make can have a lasting impact.”

To avoid looking back with regret, Gartner has identified five priorities that will help I&O leaders to select, buy, and deploy cloud offerings.

1. Analyze technical and architectural details of cloud providers

Technical architecture is critical for every organization, as it needs to integrate with the workflows, not only now but also in the years to come. Also, the technical architectures of most cloud platforms are large, complex and difficult to understand.

Gartner said that it is important to determine the key components of the architectures, and the way they work together and affect the overall solution. Technical categories that should be prioritized include self-service, elasticity, network access, security, regulatory compliance, and operational capabilities.

2. Understand the way cloud services measure up against requirements

I&O leaders should consider how the cloud services stack up against the key requirements and criteria of their organization. For instance, before choosing a standard cloud offering, the main requirements can be simplicity, performance, feature set, and costs.

The key requirements can be slightly different for infrastructure as a service (IaaS) and application platform as a service (aPaaS). For IaaS, the key consideration areas should be compute, network, storage, security and support. Whereas, for aPaaS, these should be application architecture components, developer tools, virtualization and hosting architecture, code deployment, life cycle management, scalability, and availability.

3. Learn about cloud provider’s approach to security and compliance tools

Enterprises are increasing their adoption of cloud services. With that, the need to meet the regulatory and data privacy rules that govern the processing of data has also increased.

For example, EU’s General Data Protection Regulation (GDPR) applies to all enterprises that process and hold personal data of European organizations.

As per Gartner, I&O leaders should understand a cloud provider's approach to data privacy and compliance regulations.

4. Set criteria for evaluating cloud management solutions

Because of the increasing adoption of cloud services, the cloud providers today offer new cloud-native offerings. When there are several services and tools, it is important to have cloud management platforms and tools.

Hence, organizations should create criteria to evaluate cloud management solutions, and a strategy to guide their selection and implementation processes.

5. Prepare for cloud service governance

Enterprises generally give more importance to time-to-functionality decisions as compared to planning for long-term stability and support. However, I&O leaders should take time to prepare for cloud service governance by understanding the process and architecture options.

“An effective cloud account governance and design strategy provides I&O leaders with the ability to effectively scale, avoid sprawl, and reduce networking and management complexities. This helps avoid the need for disruptive retrofitting of the infrastructure months or years after it has transformed into a critical production platform,” says Khnaser.

ICANN’s application of GDPR is hindering cyber investigators from accessing WHOIS data in near real-time: Report

Cyber investigators and anti-abuse service providers report that ICANN's implementation of the EU GDPR in the distributed WHOIS service is affecting their ability to access information about domain name registrations. This is causing delays in responding to cyberthreats.

Changes were made to the way organizations access WHOIS data, following ICANN’s application of the General Data Protection Regulation (GDPR).

According to a joint survey of 300 respondents by the Anti-Phishing Working Group (APWG) and the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), these changes are significantly impeding cyber applications and forensic investigations and allowing more harm to victims.

The main reason for the delays is that investigators are unable to access complete domain name registration data through the public WHOIS service in near real-time, the way they could before the GDPR implementation. The partial data that is available through public WHOIS services is not sufficient for investigation or for responding to incidents.

“Delays favor the attacker and criminal, who can claim victims or profit over longer windows of opportunity while investigators struggle to identify perpetrators or strip them of their assets (i.e., domain names) with limited or no access to the data that had previously been obtained or derived from WHOIS data,” mentioned APWG and M3AAWG, in the report.

Access to non-public data elements now takes days at a minimum, where earlier it was possible in hours or a day.

Since cybersecurity organizations can’t access complete WHOIS data on time, investigations of all types are being delayed. This includes cyber incidents like phishing and ransomware, as well as the distribution of fake news and subversive political influence campaigns.

The report highlights that such delays allow attacks to remain active longer. This can put more internet users in harm's way.

APWG and M3AAWG suggested that ICANN should establish a mechanism for WHOIS data access by accredited and vetted qualified security actors. Redacted WHOIS data of legal entities should be restored. Along with these, the companies concluded their analysis with more recommendations for ICANN.

Read the full report here.

Top 6 emerging cybersecurity and risk management trends: Gartner

One of the main security objectives of every organization is to protect information confidentiality. Organizations must consider IT security and IT risk management as a part of executive business planning. According to Gartner, IT security objectives must be defined for the organization as a whole.

The analyst firm identified the emerging trends in cybersecurity and risk management that security leaders should harness to enhance the resilience of their organization while elevating their own position.

Top cybersecurity and risk management trends:

1. Business leaders realizing importance of cybersecurity for successful business

Senior business executives have rarely considered IT security a board-level topic or a key part of digital business strategy. But recent major cyberattacks like WannaCry and NotPetya, which caused financial and brand damage and customer churn for organizations, have changed the sentiment of business leaders.

They are finally becoming aware of the impact of cybersecurity on achieving business goals and protecting the organization's reputation.

2. Mandatory data protection practices impacting digital business plans

Personal information of customers is the lifeblood of all digital businesses. But, in the US alone, the number of companies that faced data breaches grew from nearly 100 in 2008 to over 600 in 2016.

With the rise in the number of data breach incidents like the Cambridge Analytica scandal or the Equifax breach, governments are issuing regulatory and legal data protection practices like Europe’s GDPR. These practices impact digital business plans and demand more emphasis on data liabilities.

3. Cloud-first services becoming norm with advent of modern technologies

Modern technologies that require large amounts of data are driving the adoption of cloud-delivered security products. These products provide more agile and adaptive solutions and can use the data in near real-time.

4. Machine learning to solve security issues

As per Gartner, machine learning will become a normal part of security solutions by 2025.

ML can efficiently address a number of security issues like adaptive authentication, insider threats, malware and advanced attackers.

5. New geopolitical risks in software and infrastructure buying decisions

Gartner identified that decisions of buying software and infrastructure are based on the geopolitical considerations of partners, suppliers, and jurisdictions. The trend is driven by rise in levels of cyber political interference, cyber warfare and government demands for backdoor access to software and services.

6. Centralized networks increasing the security risks

While centralized networks have numerous benefits, they seriously threaten organizational goals. Gartner said that if a centralized ecosystem significantly affects the organization, then a decentralized architecture should be considered.

Gartner will discuss these trends at the Gartner Security & Risk Management Summit.

Struggling ICANN comes up with temporary solution to make WHOIS comply with GDPR

As the deadline for GDPR was nearing, the Internet Corporation for Assigned Names and Numbers (ICANN) came up with a temporary solution to make WHOIS comply with GDPR.

WHOIS is an internet protocol that is used to query databases and obtain information about the registration of a domain name. ICANN asked for a year to bring WHOIS data privacy fully into compliance with GDPR, but the request was declined.

“Unless there is a moratorium, we may no longer be able to … maintain WHOIS. Without resolution of these issues, the WHOIS system will become fragmented … A fragmented WHOIS would no longer employ a common framework for generic top-level domain (gTLD) registration directory services,” argued ICANN.

Domain registration organizations that miss GDPR’s 25 May 2018 enforcement deadline will be fined up to €20 million or 4% of annual revenue. To avoid the penalties, ICANN announced the “Temporary Specification for gTLD Registration Data”.

Under the temporary solution, the Registry Operators and Registrars will still collect registration data such as registrant, administrative and technical contact information.

The new thing is that most of the personal data won’t be publicly available. Users who want to access non-public data will have to send a request to the Registrars and Registry Operators, stating a legitimate and proportionate purpose. The request will be submitted via an anonymized email or web form.

The temporary solution will be applicable to all the registrations, and will cover the data processing arrangements between ICANN, Registry Operators, Registrars, and Data Escrow Agents.

“WHOIS is an important system, and preserving it allows it to continue to act as a key tool in the ongoing fight against cybercrime, malicious actors, intellectual property infringement, and more. This Temporary Specification, which is based on the Proposed Interim Compliance Model, aims to prevent fragmentation of WHOIS and ensure that WHOIS continues to be available, to the greatest extent possible,” said Cherine Chalaby, Chair, ICANN Board of Directors.

The Board of Directors at ICANN is still looking for a permanent solution.

Microsoft and Intel collaborate with BDO and IntraEdge to launch GDPR Edge

BDO USA and IntraEdge launched a blockchain-based solution called GDPR Edge, to support the General Data Protection Regulation (GDPR). This solution is being supported by Intel and Microsoft.

GDPR data protection rules will apply to all the businesses operating in the EU, even if they do not have any physical presence within the EU. Any company that stores or processes personal information about European citizens within or outside EU states will need to comply with GDPR.

The GDPR will be effective from 25th May 2018, and companies that miss the compliance deadline will be fined up to €20 million or 4% of annual revenue. GDPR Edge is a ready-to-deploy solution that can help companies operationalize some elements of compliance.

It has been especially designed for organizations that have highly complex environments with an enormous number of data sources, customer touch points, and multiple point-of-sale systems.

The new solution will integrate GDPR into business processes, mitigate the risks and streamline compliance efforts on an ongoing basis. Organizations will be able to view all the transactional data at a centralized location, while providing an external consent mechanism to consumers.

GDPR Edge will allow the end-users to review their personal information collected by the organizations. They will be able to modify the information and even ask for removal.

“This centralized repository can be made available to data protection authorities, auditors and data governance professionals, as well as any other data collector or processor, meaning increased accountability, information transparency, accuracy, efficiency and auditability,” says Stephanie Giammarco, Partner and National Leader of BDO’s Technology and Business Transformation Services practice.

It will run on Intel Software Guard Extensions (SGX), and will be integrated with Azure cloud and Microsoft Business Intelligence offerings. The Intel SGX is an architecture extension which increases the security of application code and data.

Furthermore, GDPR Edge leverages the distributed ledger technology of Hyperledger Sawtooth to enable trusted governing parties, and to provide consumer access and transparency. BDO has contributed its data governance, privacy and auditing capabilities to the new solution.

WordPress 4.9.6 release helps site administrators respond to GDPR compliance

The WordPress community unveiled WordPress 4.9.6, updated with new privacy features that will help site owners comply with GDPR (General Data Protection Regulation), taking effect on May 25.

GDPR data protection rules will apply to all the businesses operating in the EU, even if they do not have any physical presence within the EU. Any company that stores or processes personal information about European citizens within or outside EU states will need to comply with GDPR.

To be compliant with GDPR, companies will have to reveal how they handle the personal data of customers. On that front, WordPress will now allow administrators to designate a privacy policy page that includes all the details about how the site handles the data.

The privacy policy page will be shown on the login and registration pages. It can also be manually added to other pages on the website.

Version 4.9.6 will also include a detailed guide about how WordPress and its plugins handle the data. Administrators can copy and paste the guide or the required details into their privacy policy page.

End-users who add a comment on any WordPress site will have the option to choose whether their name, email address and website are saved in a cookie on their browser.

Another new feature is that the users can request the site administrator to export all their data from the site that has been gathered by WordPress and the participating plugins. Users can also request the administrator to erase all the personal data.

The data export and erasure method will work for the registered users as well as the users who simply comment. An email will be sent to the site administrator when the request is made.

Additionally, the latest WordPress version has been updated with new maintenance features, which include a filter in the media library and PHP polyfills for plugins and themes. TinyMCE has been updated to v4.7.11.

The sites that support automatic background updates will be updated to the latest version soon. And the sites on version 4.6.3 will need to be updated manually.

Cryptojacking becoming a serious emerging threat to businesses: Cloud Security Trends report

Around 25% of organizations experienced cryptojacking activities in their cloud environment in 2018, up from just 8% in the last quarter, according to the Cloud Security Trends report by RedLock.

RedLock’s Cloud Security Intelligence (CSI) team published the report to shed light on the cloud security trends in 2018.

  • Cryptojacking becoming mainstream

The report highlighted that cryptojacking, a cyber-attack in which hackers hijack the processing power of a target to mine cryptocurrency, is becoming a serious emerging threat to businesses.

Organizations are aware of attacks against the cloud and use several practices to prevent them, but attack vectors are still on the rise. Cryptojacking has more than tripled this year.

Cryptocurrency mining requires a lot of computing power, and hence attackers are stealing cloud computing resources to mine it. The CSI team found that some attackers were using advanced evasion techniques for cryptojacking.

  • Majority of resources do not restrict outbound traffic

85% of the organizational resources related to security groups didn’t have any firewall restrictions on outbound traffic, up from 80% a year before. This could lead to accidental data loss and data exfiltration in data breach incidents.

RedLock suggested that organizations should implement a ‘deny all’ default firewall policy, monitor network traffic to identify suspicious activities, and monitor the user activity as well for any abnormal behavior.

  • 43% of access keys not rotated in last 90 days

Another key finding of the report was that 43% of organizations had not changed their access keys and credentials in last 90 days. It’s a big concern because despite the past issues like leaked credentials in GitHub repositories, a majority of organizations left themselves open to attack vectors.

Around 17% of organizations suffered from potential account compromises, and 51% of organizations publicly exposed one or more cloud storage services.

  • 20% of organizations allowing root user activities

A positive finding of the report was that only 20% of organizations allowed the root user account to be used for performing activities, down from 73% last year. Root user accounts should not be used for regular operations. Multi-factor authentication should be enforced on root user accounts, and they should be monitored for any suspicious behavior.

  • 49% of databases not encrypted

With the growing trend to encrypt databases because of cybersecurity standards like GDPR (General Data Protection Regulation), database encryption has increased. Last year, 82% of databases were found unencrypted, which has now decreased to 49%.

The CSI team further revealed in the report that 24% of organizations had hosts missing critical patches in the public cloud. This left the hosts vulnerable to suspicious traffic from the internet.

“We understand why there might be fatigue with endless reports on IT infrastructures that lack adequate security, and there are signs that corporations are stepping up initiatives to minimize vulnerabilities, but there’s definitely more to do,” said Gaurav Kumar, CTO of RedLock and head of the CSI team. “That’s why this report not only shines a light on emerging dangers but also offers concrete advice on how best to ward off attacks. Cloud computing environments bring tremendous flexibility and great economies of scale, but those advantages are meaningless without top-level security. This is a constant and shared responsibility.”

Only 40% of companies will meet GDPR compliance deadline: 2018 GDPR Compliance Report

The deadline for General Data Protection Regulation (GDPR) compliance is just three weeks away, and around 60% of the companies are likely to miss the deadline, as per the 2018 GDPR Compliance Report by Crowd Research Partners.

GDPR is a regulation that will require companies, including those dealing in any goods or services with EU citizens, to protect the information and data of EU subjects. First approved and adopted by the EU parliament in April 2016, it will come into effect from 25th May 2018.

With this, companies that fall under European Union countries will need to comply with strict rules on the collection and usage of customer data, enforceable under the new GDPR law.

Here, the companies will need to implement strict data protection policies to safeguard the user data, like IP information, cookies, name, contact or address and ensure that it is not publicly available.

  • Only 40% of companies will be GDPR compliant by deadline

In last year’s survey, only 5% of companies were found to be in full compliance with GDPR. The number hasn’t improved much since then, with only 7% of companies indicating compliance readiness in the latest GDPR compliance survey.

According to the report, 33% of the companies expected to meet all the compliance requirements before the deadline.

32% of companies had started the compliance process but were not sure about meeting the deadline, whereas 28% had plans but hadn’t made any progress.

  • Half of the companies quite familiar with GDPR

50% of the companies had either deep knowledge or were quite familiar with GDPR regulation. Whereas, one quarter of the companies knew some details about GDPR.

What’s shocking is that despite the publicity surrounding GDPR, 25% of the companies had either very limited knowledge or no knowledge at all.

  • Majority of companies consider GDPR compliance a priority

Most of the companies (80%) considered GDPR compliance a top priority, with 34% counting it among top three priorities, and 46% counting it among a number of priorities.

Whereas, 20% of the companies were not even counting GDPR compliance a priority.

  • Top GDPR Compliance challenges

The lack of expert staff (43%) and lack of budget (40%) were the primary challenges for companies to become GDPR compliant, revealed the survey.

The other significant challenges for GDPR compliance were limited understanding of regulations (31%), lack of necessary technology (23%), and lack of management support (20%).

  • GDPR compliance efforts will increase data governance budget

56% of the companies expected a rise in their data governance budget to tackle the GDPR compliance challenges. 39% of companies believed that it would neither increase nor decrease their budget, while only 5% expected a decline.

  • Majority of companies expect to make minor changes in security practices

The survey respondents cited cybercriminals (60%) and accidental loss by employees (57%) as the biggest threats to their organization’s data.

To become GDPR compliant, 28% of the companies said that they would need to make major changes to their security practices and systems.

A majority of companies (56%) expected minor changes, whereas 16% expected no change at all.

  • Majority of companies to spend at least 500 staff hours this year on GDPR efforts

Around 77% of the companies said that they would need to spend at least 500 staff hours this year on GDPR compliance.

Whereas, 23% expected to spend more than 1000 hours this year on the GDPR compliance efforts.

  • 63% of companies will take more than two months (from survey date) to become GDPR compliant

A majority of companies (63%) said that they would need more than two months from the survey date to become GDPR compliant. 37% expected to spend at least two months more, whereas 14% will need more than 48 months.

For the comprehensive report, IT, cybersecurity and compliance professionals in the 400,000-member Information Security Community on LinkedIn were surveyed.


25% of businesses had their data stolen from public cloud: McAfee Study

One in four businesses experienced data theft from a public cloud, and one in five businesses experienced an advanced attack against their public cloud infrastructure, as per a report released by the cybersecurity firm McAfee.

The report, “Navigating a Cloudy Sky”, is based on the sampling of 1400 IT personnel, and was released at the RSA Conference in San Francisco.

The report outlined the current cloud adoption state, concerns with the public and private cloud services, security implications in the cloud and the impact of unmanaged cloud usage.

It was found that inadequate visibility and control were the greatest challenges to cloud adoption in any organization. However, the business benefits of cloud and availability of modern cloud security tools outweighed any security concerns, helping it move ahead.

“Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on,” said Rajiv Gupta, senior vice president of the cloud security business unit at McAfee. “By implementing security measures that allow organizations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data.”

Other findings of the report have been summarized here:

  • Rise in cloud adoption

McAfee found that the number of businesses who used public, private and hybrid cloud had increased from 93% to 97% in the last one year. The rise in cloud adoption was significant at the hybrid cloud front.

Of the businesses who used any kind of cloud services, 88% of them stored sensitive data in the public cloud. 69% of the businesses trusted public cloud to keep their data safe. Whereas, 16% stated that they stored no sensitive data in the cloud.

61% of the businesses said that the most common sensitive data stored on the cloud was the personal information of their customers. 40% stored internal documentation, payment card details, personal staff information, and government identification data. Whereas, around 30% stored intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud.

  • Malware attacks have increased

The highlight of the survey report was that one in every four businesses who used IaaS, PaaS, or SaaS cloud service had their data stolen, and one in five had experienced an advanced attack against the public cloud infrastructure.

Furthermore, malware attacks against cloud applications rose from 52% to 56% over the course of one year. 25% of the businesses said that the malware was introduced into the cloud through phishing.

  • Decline in ‘shortage of cybersecurity skills’

The positives from the survey were that the ‘shortage of cybersecurity skills’ and its impact on the cloud adoption in the organizations had decreased.

The number of organizations who reported ‘no skills shortage’ increased from 15% to 24% in one year.

Of the organizations who reported ‘skills shortage’, only 40% reduced the rate of cloud adoption, compared to 49% last year.

  • GDPR to fuel cloud adoption

With the General Data Protection Regulation (GDPR) coming into effect next month, service providers will have to ramp up their compliance efforts. With better compliance and security in the cloud, businesses will be more confident about cloud adoption.

Fewer than 10% of businesses said that they might decrease their cloud investment because of GDPR.

Key takeaways – recommended security practices

  • Integrating DevOps and DevSecOps within business environments can improve the quality of code and reduce vulnerabilities.
  • Automation that brings together human advantages and machine advantages is critical for modern IT operations. Tools like Chef and Puppet can be useful on this front.
  • Using a unified management platform across multiple clouds, rather than multiple management tools for multiple clouds, can reduce costs and increase security.
