Cyber Attacks Demonstrate Why The Cloud Is Safer

Computer systems from the Ukraine to the United States were affected by the Petya cyber-attack. It’s similar to the recent WannaCry ransomware attack. 

The WannaCry ransomware took advantage of vulnerabilities in the older versions of Windows that allowed the infection to spread. All someone needed to do was click a malicious link and, bang! they were infected. That is, if they hadn’t installed the patches and updates.

These attacks are a reminder of why the cloud is a safer place to do your computing.

The parade of attacks in recent years have forced enterprise IT to become more diligent about holistic security. These attacks are successful when security is not holistic, such as when patches and fixes are not applied.

But the generalised security fears have also caused many IT organisations to delay the adoption of new technologies, such as cloud computing. There’s a sense that something new, especially something managed by others, will make things more vulnerable.

Actually, the opposite is true.

Using the public cloud makes you less likely to get attacked and breached. The layers of security in the cloud are more than a deterrent for most attacks. The cloud providers proactively monitor these clouds, and they quickly spot and quickly block them. And they automatically apply operating system, application, and service patches and fixes are automatically behind the scenes.

Extremely few IT organisations do the same. The cost of security is just too much for most enterprises to bear, and most can’t keep up with all that needs to be done to keep their systems and users secure enough from WannaCry, Petya, and other malware that shut down systems.

Enterprises should not run in place when these attacks occur, but instead do a “look in the mirror” assessment around the state of systems and security. You’re likely to find deep issues that can’t be solved overnight. From there, you’ll need to plan the “to be” state of things, including how data, processes, PCs, mobile devices, IoT devices, and other elements are going to be secure.

As you undertake that effort, you’ll find that using the cloud is becoming the best fit for security. It may be counterintuitive to those who equate hands-on control with effective control, but it’s simply true.

The cloud has had outages, yes, just like enterprise IT systems. But no major cloud provider has fallen victim to all the malware attacks of the last few years. What does that tell you?

Infoworld

You Might Also Read: 

Eight Steps For Cloud Security:

Directors Report June 2017: Cloud Security Analysed For Management (£):

 

« Ukraine Accuses Russia Of Ransomware Attack
Russia Suspected As Hackers Breach Power Plant Systems »

Perimeter 81

Directory of Suppliers

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

WEBINAR: How to build an effective Cloud Threat Intelligence program in the AWS Cloud

WEBINAR: How to build an effective Cloud Threat Intelligence program in the AWS Cloud

Thursday, Jan 28, 2021 - Join this webinar to learn how to improve your Cloud Threat Intelligence (CTI) program by gathering critical cloud-specific event data in the AWS Cloud.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Cysec Resource  Co.

Cysec Resource Co.

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

Qolcom

Qolcom

Qolcom is a leading UK based integrator of secure wireless network and mobile device management solutions.

OEDIV SecuSys

OEDIV SecuSys

OEDIV SecuSys (previously iSM Secu-Sys) develops high-quality IT software solutions, setting standards as a technology leader in the area of identity and access management.

Centro de Gestion de Incidentes Informaticos (CGII)

Centro de Gestion de Incidentes Informaticos (CGII)

CGII is the Computer Incident Management Center of the State of Bolivia.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

6point6

6point6

6point6 is a technology consultancy with strong expertise in digital transformation, emerging technology and cyber security.

Fairfirst Insurance

Fairfirst Insurance

Fairfirst Cyber Insurance protects your business assets against the complexity of cyber threats.

SearchInform

SearchInform

SearchInform is a leading risk management product developer, protecting business and government institutions against data theft, harmful human behavior, compliance breaches and incomplete audit.