With the rapid growth in cloud strategies, the cyber-security landscape and cloud-focused cyber-threats have increased multi-fold. In fact, recent reports observed around 3.1 million external attacks on cloud user accounts just during the Q4 of 2020. This makes cloud security even more important because you are no longer in total control. For example, when a user chose to run applications on either a public or hybrid cloud, the user is effectively putting the trust in a third-party vendor. It is therefore critical that businesses understand that the cloud and its security is a shared responsibility. Sanjay Manohar, Managing Director, McAfee Enterprise India, in an interview shares his take on cloud security explaining multiple contours of it. Excerpts.
Securing the cloud has never been more critical. Practically every business today is operating on some kind of a cloud network and database. The pandemic has only accelerated what was always on the cards for businesses – a cloud-focused business approach. Despite the challenging times businesses have had to endure over the past year, cloud computing has helped organisations of all sizes decrease their capital overheads, operate at scale, and assist in managing their IT infrastructure – all while working remotely.
At McAfee Enterprise, our solutions such as MVISION Cloud allow businesses to build data protection policies by monitoring access to applications sanctioned by third-party applications and ensure that enterprise data does not exfiltrate through risky third-party applications.
Do you think cloud compliance is the key to better management of cloud infrastructures?
As the threat landscape grows in sophistication, cloud compliance and security become increasingly prominent. The challenge is that data privacy and security implications, along with legal and regulatory concerns, are all magnified in the cloud. A single data breach could possibly impact millions of users in a matter of seconds. Meeting the standards of present and emerging compliance regulations across geographies continue to be one of the biggest challenges for businesses operating in the cloud in 2021.
Cloud compliance, simply put, is about having the right procedures to comply with regulatory standards of cloud usage in accordance with industry guidelines in addition to local, national, and international laws. Any cloud-first strategy, as innovative as it may be, drawn on the back of a poorly implemented cloud compliance policy can send businesses on a downward spiral including legal expenses, customer distrust, or even customer loss. This makes it essential for enterprises to reap the benefits from the agility and flexibility that the cloud provides, backed by a solid understanding of how its compliance can be achieved. Continuous compliance, therefore, helps businesses identify the risks while also being prepared to identify, respond, and recover from a disruption.
With the recent rise in data breaches, what are the best practices that employees and customers must adopt to stay safe from ever-evolving threat actors?
Cyber-attacks have been around for a while now, however, the more recent spike of data breaches and ransomware attacks have crippled critical infrastructure and revealed that no enterprise – big or small, is safe from these insidious cyber-attacks. Adhering to a few easy but critical steps can help both employees and customers stay safe while working remotely:
- Use a VPN: Using shared and unsecured Wi-Fi networks can allow cybercriminals to snoop on you, putting your personal and corporate data at risk. A strongly encrypted VPN can help keep sensitive data away from prying eyes.
- Don’t go phishing: Phishing is one of the most common methods hackers will deploy to target unsuspecting employees to access sensitive data.
- Separate personal and business devices: While working remotely, sharing your company’s devices with family members who are unaware of optimum security practices, can lead to serious data concerns. It is advisable to keep company accounts separate from personal accounts to prevent any data leaks through personal channels.
- Adhere to company policy and standards: Understanding your company’s confidentiality agreements and policies when it comes to sharing/storing files and other online communication is essential in ensuring data security. If unsure, always check with the company’s IT team before you share anything.
- Leverage security software tools: Adding an extra layer of security with comprehensive security solutions can help protect your devices from potential cyberthreats. Further, updating the devices’ software at regular intervals also helps your device mount an effective protection against such threats.
How is McAfee navigating the changing paradigms of cybersecurity for its customers and employees?
The past year has been disruptive for almost all the sectors, but more so for cybersecurity. At McAfee Enterprise, we believe in the power of working together, as we oversee 622 million total endpoints, 525 million consumer endpoints, 97 million enterprise endpoints, and 69,000+ enterprise customers. We have always been cognizant of our responsibility towards our employees and customers.
What are some of the major threats that McAfee has seen evolve in the last year and how have various sectors been affected due to the recent rise in cyberattacks?
While the world continues to grapple with movement restrictions and sustained remote work challenges, security threats continued to evolve in complexity and volume. As per our latest threat report that examined cybercriminal activity in Q1 of 2021, we saw cyber adversaries shift from low-return, mass-spread ransomware campaigns toward smaller, customised Ransomware-as-a-Service (RaaS) campaigns targeting larger, more lucrative organisations.
Criminals, in the digital world, just like in the real one, constantly evolve their techniques to best maximise monetary gains with minimum complications and risk. Businesses endured more opportunistic Covid-19 related campaigns, while ransomware and malware continue to target vulnerabilities in work-related apps and processes.