The easiest way would be to say that the worst is behind us… this optimistic position unfortunately does not apply to IT security issues.
If 2020 has been an unprecedented year in terms of threats, the year 2021 may be even more painful. During the first wave of the pandemic, companies were able to reinvent themselves with incredible agility. Most of them have made a leap forward by deploying digital resources in record time. This rapid digital transformation has opened many holes that hackers will continue to exploit in the coming months. In this context, it is urgent to anticipate these threats and to deploy the right measures.
Pandemic and IT security: unprecedented growth in attacks
The reorganization of digital resources due to the shift to massive teleworking has created a real call for air for computer attacks. In the last 9 months of 2020 alone, the number of malicious actions has increased by 660%. The first containment has indeed generated huge security vulnerabilities. There were many breaking points: shadow IT and the use of personal equipment, the implementation of remote collaborative tools and the generalization of the use of data hosted in the cloud.
Cloud data and applications: a new source of threat for businesses
The pandemic has acted as a technology accelerator: the migration of companies’ digital resources to the cloud has increased considerably in the space of a few months. The new mission of CIOs is now to create cloud configurations adapted to the needs of their business. The challenge is in particular to configure spaces that are fully secure and capable of accommodating all of the organization’s data. These should also be saved. A first good practice is not to consider only the size of the cloud but also to deal with other hosted elements such as applications and data shared and produced by third-party customers.
Closely monitor the application hosted in the cloud
A characteristic flaw in cloud configurations comes from the applications that are hosted there. These are indeed real entryways for pirates. Very often, they are developed without having been certified from the point of view of their resistance to attacks. 2021 will be a pivotal year for application security compliance issues. Today, most companies do not have the sufficient level of expertise internally to be able to verify this compliance. These organizations also do not have sufficient financial resources due to budgetary restrictions to hire experts in this field. However, it is on this precise point of the cloud architecture that hackers risk concentrating their attacks.
Engage in solutions adapted to this new threat
It is therefore necessary to take the initiative in order to ensure that the risks associated with application hosting are at least under control and in line with the company’s overall security policy. There are alternatives for organizations that do not have sufficient internal resources. The first, which mainly concerns mid-size structures, consists in ensuring that the deployed applications systematically meet the security standards recommended by their cloud provider. The latter have certification and rating criteria for these applications. The second, reserved for larger organizations, will be to use external firms who will be able to tailor-made solutions.
The issues of computer security are reminiscent of the dilemma of Sisyphus condemned in Tartarus to make a rock roll eternally up a hill to the top of a hill, which came down each time before reaching the top. The next few months will be decisive for IT managers. Despite the budget cuts weighing on the operational room for maneuver, it is essential to counter attacks which will ultimately be much heavier in terms of financial impact. After this migration of their applications to the cloud, companies will be stronger and less exposed to external attacks.