Cloud technology has been an integral component in paving the way for organisations across industries to undergo digital transformation. Globally, 50 per cent of organisations are adopting a cloud-native approach to support both employees and customers, and the number of connected devices is expected to climb to 55.9 billion by 2025.
In Malaysia, we’ve also seen swift progress in cloud adoption – with the most recent milestone being the upgrade of the Malaysian Government’s Public Sector Data Centre (PDSA) into a hybrid cloud service called MyGovCloud. The pace of cloud adoption is expected to accelerate following the government’s decision to provide conditional approval to Microsoft, Google, Amazon, and Telekom Malaysia to build and manage hyperscale data centres and cloud services in Malaysia.
With cloud-based systems becoming a key component of organisations’ operations and infrastructure, malicious actors have been turning to the cloud, taking advantage of weaknesses in cloud security to perform various malicious activities – leading to new complexity regarding effective attack surface risk management.
Why Malaysian Businesses Need Better Risk Management
The shift to the cloud and dramatic increase of connectivity gives malicious actors new and often unmanaged attack vectors to target.
As revealed in Trend Micro’s semi-yearly Cyber Risk Index (CRI) report, 67 per cent of organisations in Malaysia report they are likely to be breached in the next 12 months – indicating a dire need for local organisations to be better prepared in managing cyber risks.
To better reduce the risk of cyberattacks, enterprises must first understand how cyberattackers are exploiting the cloud for their own benefit and bridge security gaps by proactively anticipating data breaches.
One of the most common ways that organisations put themselves in a vulnerable position to be attacked is through misconfigurations of the cloud. While misconfigurations might seem straightforward and avoidable, they are the most significant risk to cloud environments – making up 65 to 70 per cent of all security challenges in the cloud. This is especially true for organisations that have been pushed to migrate quickly to the cloud since remote work became the new norm.
Malicious actors are also turning to low-effort by high-impact attack strategies in gaining access to cloud applications and services. On top of exploiting new vulnerabilities in an enterprise’s network, cyberattackers will persistently exploit known vulnerabilities from past years as many enterprises still lack the ability to get full visibility on environments that are left unpatched.
How Malaysian Businesses Can Stay Prepared
Since criminals can execute their attacks more effectively, they can also target a larger number of organisations, potentially leading to an increase in overall attacks. Organisations now have much less time to detect and respond to these incidents, and this will be expounded as the business model of cybercriminals matures further.
With that in mind, enterprises must strengthen their security posture foundations to defend against evolving cyberthreats. Among the key cybersecurity strategies to adopt include:
1. Automating everything
We live in a world where skills shortages and commercial demands have combined to expose organisations to escalating levels of cyber risk. In the cloud, it leads to misconfigurations and the risk of knock-on data breaches, as well as unpatched assets which are exposed to the latest exploits. The bad news is that cybercriminals and nation states are getting better at scanning for systems which may be vulnerable in this way.
Better digital attack surface management starts with the right tooling. Solutions such as Trend Micro Cloud One enables and automates platform-agnostic cloud security administration and cloud threat detection and response, which can help security teams improve efficiency of threat investigation and response, as well as reduce the risk of a security breach.
2. Empowering employees with resources and tools to ensure cloud operational excellence
Many enterprises are already well on their way in the world of cloud, with more and more security teams using cloud infrastructure services and developing cloud-native applications. However, this can often be a steep learning curve for cloud architects and developers – leaving gaps in protection, compliance, and visibility.
To improve the situation, organisations need to provide resources to employees to ensure that the cloud service configurations adhere to industry best practices and compliance standards. One such way is to use tools that automatically scan cloud services against best practices, relieving teams from having to manually check for misconfigurations.
3. Adopt a Shared Responsibility Model
Clouds aren’t secure or insecure, they’re as secure as you make them. Instead of “who is more secure – AWS, Azure, or Google Cloud?” ask “what have I done to make all of my clouds as secure as I need them?”
Security in the cloud works using the Shared Responsibility Model – which dictates who is responsible for any operational task in the cloud and security is simply a subset of those tasks. Security self-service for the cloud is fully here in all its forms, and understanding this model is critical to success in the cloud.
While increased cloud adoption allows organisations to be more agile, scalable, and cost-efficient, the benefits of using cloud services and technologies are no longer just reaped by legitimate companies, but also cybercriminals who keep up with the trend. As criminals accelerate attacks and expand their capabilities, businesses must adopt a solid cybersecurity strategy to stay a step ahead.
Goh Chee Hoh is the Managing Director at Trend Micro Malaysia & Nascent Countries.