Fact: Businesses are excited about taking advantage of cloud, the Internet of Things (IoT), and mobility to drive innovation and agility.
Fact: IT departments don’t know how to secure those technologies fully.
Fact: Cybercriminals know IT is overwhelmed and are pouncing.
Security veteran Jayson Ferron, CISO at Interactive Security Training, says MSPs must spell out a harsh choice for customers: “You have to decide whether or not you want to be the target, or you want them to move past you.”
The rise of new devices and endpoints on networks has only added to IT’s already challenging job, leading to poor security hygiene, says Ian Thornton-Trump, head of security at AmTrust Financial. Organizations are “not following their standard procedures for putting something on the network. It’s all kind of done quickly, and sometimes without even the involvement of IT.”
The Big (Ugly) Picture
To address new threat vectors, it’s important to put mitigation strategies in place. Our security experts walk through a few scenarios:
Threat Vector: Cloud
Organizations are rushing to get cloud applications up and running without necessarily thinking about security, Ferron says. As a result, they’re not taking advantage of the security controls the cloud providers have in place. “It’s not the cloud provider’s issue; it’s the people setting up the servers who are not doing all the steps,” Ferron stresses. “The exact same thing that we’ve been doing on-prem we should be doing in the cloud.” And don’t forget to test it, he adds.
For his part, Thornton-Trump says the No. 1 mitigation strategy is to understand what security controls are available. Second, he says, “is really come up with a security control approach that’s based on risk.”
If organizations don’t have the skill set for cloud security, Thornton-Trump advises bringing in an expert partner or getting a third-party review. “I think that would catch a lot of these problems. But, again, it’s whether or not the business is prepared to make that investment.”