There’s no denying the benefits that the shift towards hybrid work has provided since the pandemic began. Workers have been allowed to take Zoom meetings from the comfort of their own homes while wearing pyjamas if they really want to, using their laptops and mobile devices to communicate with co-workers in the office or from their own homes if they want.
However, those same luxuries aren’t always afforded to IT teams, who are still responsible for preventing and minimising the impact of potential data breaches even when their co-workers aren’t in the office. IT teams don’t have total control over the traffic coming in and out of their co-workers’ personal devices, even if they’re accessing critical company data.
Coupled with the influx of personal devices that aren’t necessarily protected to the same degree that firm devices are, gives attackers opportunities to compromise that data, which can have consequences. Breaches have been on the rise in Australia since the pandemic partly due to the shift to hybrid work and the increased number of unprotected endpoints.
What is the cause of most breaches in Australia?
Most of these breaches in Australia are caused by malicious attackers gaining access to IT systems, often via an unpatched vulnerability in their software being exploited. However, the number of security breaches caused by human error is growing at an even faster rate.
This includes anything from using a weak password like “password” that anyone can easily guess or sensitive company data being emailed to the wrong person.
What’s becoming apparent is that technology is becoming smarter at blocking security breaches, but humans are getting worse at it. According to Gartner, almost every security breach (99%) will be caused by the user by 2025 as opposed to a technology failure.
What’s also become apparent is that security breaches are becoming inevitable for every company that hosts sensitive information, which should be all of them. Organisations aren’t helpless in preventing breaches, though, as leaning on the security offered by cloud-native software like ERP allows organisations to host data on world-class public infrastructure rather than leaving it in the hands of users and their unprotected devices.
How has remote work exacerbated the situation?
Traditional business tech as we used to know it is now referred to as “on-premises” legacy software, as it is installed and managed from a centralised location or office. This could be anything from a word processing program or an operating system. Businesses have used this legacy software for decades, given workers used to exclusively work from these centralised locations, allowing information technology teams to monitor and control traffic flow.
Once the software is installed, the vendor no longer has any oversight into its performance. Vendors can issue patches or fix any known vulnerabilities on their end, but it’s up to individual clients to implement these updates. With the rise of hybrid workplaces, workers using systems that can be monitored from a centralised location is no longer the reality.
How can cloud storage be best leveraged?
If workers want to ensure their systems and data is secured no matter where they work, they need to leverage cloud-native software that’s hosted on the vendor’s infrastructure, such as ERP systems. Cloud software is typically hosted by one of the handful of major public cloud providers such as Amazon Web Services, Microsoft Azure, Google Cloud, etc.
These are among the largest tech firms globally and stake their reputation on having the best cybersecurity in the market, protecting their servers. As such, public cloud providers spend billions on securing their infrastructure, so they seldom see breaches from attackers, and when they do, it makes the headlines in every tech publication around the world.
By securing your company’s data in a public cloud, businesses have a much easier time protecting their employee and customer data from attackers no matter where they choose to work from. One of the few criticisms of cloud computing is how expensive it can be to decommission legacy systems that have been used to run the firm since it was founded.
Why is cloud storage a cost effective option?
SMBs often use legacy software not just for day-to-day operations, but also to manage critical and sensitive data like employee and customer records. With IT budgets typically constrained as is for SMBs, moving to the cloud can be seen as an excessive expense.
However, the price of a security breach can be much more costly than simply securing that data in the first place and can even send a company out of business should sensitive data become compromised. What’s more, personal information is incredibly lucrative to attackers, and without cloud-based security, this data becomes an attractive target for criminals.
It’s also much more expensive in the long run to continue propping up legacy software beyond its lifespan than it is to move to the cloud, whether there’s a data breach or not.
But suffering a security breach has and can be the end of a business entirely. According to IBM and The Ponemon Institute research, addressing a security breach costs an average of US$3.86 million, a price the majority of businesses don’t have. The research also found that employees working from home are less diligent about identifying security breaches, taking an average of 325 compared to 311 days for those working in the office.
With the value of sensitive company data exploding in recent years, businesses need every tool at their disposal to minimise the impact of security breaches should they occur. There’s only so much a small organisation can do to prevent unforeseen attacks. Leaning on the security features offered by cloud-native software can enable a business to innovate with the comfort of knowing their data is truly safe, no matter where employees choose to work.
Andy Brockhoff is the President APAC at Unit4.