Most businesses have critical cybersecurity gaps finds study

MANAMA: Most organisations have critical cybersecurity gaps due to talent shortages, legacy mentalities, over-engineered security tools, and unclear ownership of specific cloud stack components, shows a new report.

The third-annual Oracle and KPMG Cloud Threat Report 2020 study of 750 cybersecurity and information technology leaders around the world, however, also finds that cloud infrastructure holds promise of empowering innovation, reducing costs, and improving cybersecurity resilience.

Many business teams feel increased pressure to adapt and innovate in this new Covid-19 commercial ecosystem and scalable cloud infrastructure and cloud-based digital platforms offer an attractive option for meeting targeted customer needs while reducing overheads, says the report.

As many as 90 per cent of companies are using Software as a Service (SaaS) while 76pc are using Infrastructure as a Service (IaaS) today; and 50pc expect to move all of their data to the cloud within two years.

However, as KPMG Fakhro head of cybersecurity services Logan Simpson noted, “Often there are missed connections between the business, compliance, information technology, cybersecurity, and risk management units. These communication, process, and relational trust gaps between teams often trigger the opposite result and cause the cloud solutions to introduce critical levels of enterprise cyber risk instead of capitalising on the many improved security features of cloud architecture.”

The study shows IT professionals are using a patchwork of different cybersecurity products.

More than three-fourths (78pc) of organisations use over 50 discrete cybersecurity products, whereas 37pc use more than 100 cybersecurity products.

However, cloud security products usually need to be procured, implemented, and maintained separately from the on-premise security products.

Often this additional overhead is not factored into the total cost of ownership when the decision is made to migrate.

Growing cloud consumption has created new blind spots as IT teams and cloud service providers work to understand their individual responsibilities in securing data.

Shared responsibility security models are causing confusion; only 8pc of IT security executives state that they fully understand the shared responsibility security model.

An overwhelming number (92pc) of companies admitted they have gaps between their cloud usage and the maturity of their cloud security programme, while 75pc of IT professionals have experienced data loss from a cloud service more than once.

KPMG Fakhro advisory partner Manav Prakash said, “A co-ordinated approach to managing cloud security is required. The survey determines that as cloud adoption continues to increase rapidly, there is a need for security teams to upskill/add new skills, to be embedded in cloud outsourcing discussions early on, to understand deeply the shared responsibility model so as to be able to identify and importantly, manage the risks on an ongoing basis.”

Source: http://www.gdnonline.com/Details/825071/Most-businesses-have-critical-cybersecurity-gaps-finds-study