Just as the number of threat actors involved in a single incident is increasing, so are the risk exposures.
It’s getting easier to deploy ransomware and malware, and that gives threat actors more access than ever before. Tools are cheap to rent and competition between ransomware providers has driven the cut that the tools’ authors are charging down from 40% of ransom to around 10-15%. In addition, some tools are being made publicly available and anyone with minimal coding skills can re-use them.
There is risk in organizations’ own behavior as well. Organizations are moving business operations into the cloud to scale operations more efficiently than they could using their own infrastructure, and are increasingly taking advantage of machine learning and artificial intelligence functionality.
Additionally, agile development is used to quickly publish data and services online to keep up with competition. This may present commercial opportunities but comes with risks if speed is prioritized over security. All of these decisions present potential threat vectors.
It’s a common mistake to expect that cloud providers will automatically provide security on your behalf. Often the tools may be there, but they are not enabled by default. In other words, you can’t just “cloud and go” and expect a secure experience.
It’s a common mistake to expect that cloud providers will automatically provide security on your behalf. Often the tools may be there, but they are not enabled by default. In other words, you can’t just “cloud and go” and expect a secure experience.
