Advice for protecting internet-facing workloads.
Welcome to Cyber Security Today. It’s Monday August 3rd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. Today’s a civic holiday across Canada, so thanks for tuning in.
Organizations are increasingly reducing or closing their in-house IT systems and moving them to the Internet for what’s called cloud computing. But cloud computing comes with some security risks. If they aren’t looked after they could make trouble. I recently spoke with Avi Shua, CEO of Orca Security, a cloud security firm, which just released a study of its customers. Among the findings: More than 80 per cent of the firms have at least one internet-facing workload which hasn’t been patched for at least six months. Sixty per cent of firms have an internet-facing workload with an older operating system that isn’t getting security updates. And almost half of organizations have workloads that contain material like clear-text passwords that attackers could use to get deeper into their computer systems. Shua agrees that IT departments are doing a better job than ever at security. But, he added, cyber attackers will find and exploit the few weaknesses that can be found.
What can organizations do to improve security? Shua says IT departments must make sure security covers all computer systems. Hackers will take advantage of the few weaknesses they can find. That’s why it’s vital to get cybersecurity basics right, such as having a robust strategy for updating and patching software and using multifactor authentication to protect online access to sensitive data.
IT professionals also have to assume internet-facing workloads will be breached, so they have to keep looking for suspicious activity on internal computer networks.
Finally, accept that employees will make mistakes. Have the tools and training to find mistakes, but don’t assume you can create walls that prevent data loss.
That’s it for Cyber Security Today. A link to details about this story is in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon