The cloud has become very popular as businesses look to it for ways to save money and get more done. Gartner predicts that spending on the public cloud around the world will come close to $500 billion. But moving to the cloud isn’t the end of a company’s cyber travels.

Users and cloud service providers each have to do their part to keep things safe. Businesses are responsible for keeping their customers’ information safe. This includes protecting data stored on the cloud and in other parts of their infrastructure, like internal networks.

Unfortunately, security breaches that let sensitive data get out are common. They can happen because of things like open APIs or incorrectly set up AWS S3 buckets. When it comes to cloud access, security professionals have to think about a number of things, such as who gets access, what kind of authentication they use, and how often they use the cloud.

This is not going well for many businesses. Many people still use spreadsheets to keep track of user names and passwords because they don’t have a sophisticated security plan. If users have to send an email to a member of IT or security to get their credentials, the company is taking a huge risk in an expensive area.

IBM’s Cost of a Data Breach Report 2022 found that phishing ($4.91 million per breach), business email compromise ($4.89 million per breach), and stolen or hacked credentials ($4.5 million per breach) were the three most expensive ways to attack credentials.

Security should be more of a priority for companies. Keeping track of credentials in a spreadsheet was never a safe way to do it, and making the information more secure doesn’t have to be hard or cost a lot of money. Here are the first things to do.

Take another look at the company’s culture.

People are very good at coming up with ways to get around security measures that make it harder for them to reach their goal. They don’t know how to judge risks well. For example, because Netflix passwords are a mix of letters and numbers, many employees use them at work too.

Here, philosophical differences and making policy start to meet. People are a business’s best asset and also its biggest cybersecurity risk. The World Economic Forum says that 95% of all cybersecurity problems are caused by mistakes made by people. This has an effect on how businesses spend their money and use their assets.

When dealing with these problems and deciding how to use resources, business leaders must keep a sense of balance. It can be tempting to put security last in order to invest in new features that will bring in more money, but in the long run, this will only make the company more vulnerable to cyberattacks. By putting enough money into security, a company can get an edge over its competitors and make itself stronger.

If you can, get covered by insurance.

Getting cyber insurance can improve the security and resilience of an organisation. Without insurance, it would be too dangerous to work in many fields. It’s not as simple as just filling out a form, though.

Fitch Ratings says that premiums will go up by 74% in 2021 as insurers try to cut their risk exposure. Before their insurance policies will cover them, many businesses have to show that they have strong endpoint detection and response (EDR) and multi-factor authentication (MFA) for network access. Beazley says that a business is more than twice as likely to be hit by ransomware if it hasn’t set up multi-factor authentication. Cyber insurance companies often mention PAM (privileged access management) measures as a way to qualify for coverage. When it comes to PAM controls, even the simplest password manager is better than a vulnerable spreadsheet with sensitive information.

Cyber insurance companies are now a big part of getting people to use the latest security technology. Taking these safety measures also makes businesses more attractive as candidates for insurance policies.

Figure out what makes the cloud different.

Most of the time, only the internal network of a company is taken into account when it comes to protecting its data. Before making sure that getting into the bubble was safe, all bets were off. Workers were very sure of themselves and had easy access. When you work in the cloud, it’s harder to figure out which identities can be trusted to use which resources, and it takes longer to set up the bubble.

Moving to the cloud could change a company’s cyber environment and make it more likely that it will be attacked. Multi-factor authentication (MFA) and strict PAM restrictions are needed to know where passwords are and how users are getting in.

What used to protect a company’s network on-premises a few years ago won’t work in the cloud. Experts must look at security through the lens of “zero trust,” taking into account everything from account information to authentication methods, to make sure that cybersecurity teams give access responsibly and don’t put their organisations at risk.

Any company’s move to the cloud is an exciting time, but it’s up to cyber leaders to make sure that there are enough security measures in place so that security can keep up with how quickly businesses come up with new ideas.

Summary

Businesses use the cloud to save money and get more done, which makes it more popular. Businesses need to keep customer information safe in the cloud and other infrastructure. Many companies fail because they use spreadsheets to keep track of user names and passwords. Companies should look at their security culture and do more to keep themselves safe. 95% of cybersecurity problems, which affect how businesses allocate their assets, are caused by human error.

Executives need to balance security with new ideas. Cyber insurance needs sophisticated endpoint detection and response (EDR) and multi-factor authentication (MFA). PAM measures are often used to get insurance, but a simple password manager is better than a spreadsheet that could be hacked. Providers of cyber insurance help people use new security technology. Because of how the cloud works, it is harder to keep data safe.

Zero trust is a method that experts must use to make sure that cybersecurity teams are giving access without putting their organizations at risk. Cyber executives need to set up enough security to keep up with how fast business moves.