Back @ IT Take: Cybersecurity Is Taking A Hit - Could It Be A Good Thing?

Thursday, March 11, 2021

Let’s Set The Stage

Recently, Microsoft on-premise Exchange Servers were attacked by a group called HAFNIUM and other actors as well. Oddly enough, Hafnium is a chemical element that in certain states is known to spontaneously combust. I don’t know if this was the group’s intent or not, but needless to say, the cybersecurity world is abuzz with the combustion of this attack.


This attack took, according to Microsoft, “advantage of unpatched systems to attack organizations with on-premises Exchange Server” and were detected as 0-Day Exploits.


A Good Thing? You’ve Got To Be Kidding!

If anything, life has taught many of us that hard-knocks are going to happen, but it’s important to learn from them and improve yourself.


Attacks in the cybersecurity realm could be thought of in the same light, in an oversimplified way. They make big tech firms sit up and pay attention, and allows tech security companies to take advantage of the climate as it’s on top of minds. 


More importantly, though, is that it helps create improvements to harden the security. In actuality, it’s a cat and mouse game between security teams and companies, and hackers. This back-and-forth has been going on for quite some time, but really does bring the importance of security to the forefront.


But, really, a good thing? Recently, the company Snyk, pronounced “sneak” and an acronym for “so now you know”, quadrupled its valuation to $4.7 billion in a year’s time. It may seem fortuitous that this announcement came out when it did, but I’m sure Snyk will use these recent events to capitalize on their current success.


But, we can all capitalize on these events as well to take stock of our systems and ensure security is in place in the right areas, reset passwords, check that things are backed up, etc.


Cloud Diversification / Multi-Cloud

Something could be said for having a single-cloud environment in place (ease of deployment and management), but the opposite could be said as well as noted by Oracle and Google.

The rise of hybrid-cloud or multi-cloud is continuing and will see many enterprise organizations take advantage of this approach.


When executed well, multi-cloud can help prevent the risk of a single point of failure (SPOF) which is the easiest to exploit, as well as diversify the “toolset” that you can utilize in your IaaS and SaaS approaches.


The Back @ It Take:

There are bound to be pros and cons regarding single-cloud and multi-cloud, but the choice, and onus, is really on you. You will need to determine the amount of risk you can be comfortable with and if you have risk mitigation measures in place depending on the scenarios.


Ideally, my recommendation would be a multi-cloud approach with the realization that many cloud providers have a “shared responsibility” model regarding data. However, many companies don’t have the resources to implement something like this and need a simple, easy-to-manage approach. And, that’s ok as long as risk is considered as I mentioned above.


So, that leaves you with this question: Considering security as an important factor, which approach are you most likely to go with: Single-Cloud or Multi-Cloud?


Related DAC Content

Real-Time Alerts Help Risk Management and Business Resiliency

Back @ IT segment: Thoughts on Data Loss Prevention (DLP)

Latest IRS Scams and Schemes - Targeting Refunds and Coronavirus Economic Impact Payments

Ransomware Attacks and Your Cybersecurity Framework

California Privacy Law Prop 24 and Privacy Strategies

Discussion

There are no comment yet, be the first to ask!