Cybersecurity has become a priority for middle market organizations, and many have moved to the cloud to better protect their digital assets. In fact, according to RSM’s most recent MMBI Cybersecurity Report, “around 91% of executives feel their data is more secure in the cloud.”
If your organization hasn’t yet made the move to the cloud, it may be time to begin planning your data migration. But while the cloud enables several technology gains, it may not be the complete “set it and forget it” answer that management is looking for. Your cloud vendor is only responsible for the security and reliability of your infrastructure inside its platform, which leaves many vulnerabilities cyber criminals can exploit.
Regardless of your business’s size and industry, and given the limited security offered by cloud providers, you should assume that your organization will be targeted. By taking a proactively defensive approach to cloud security, you can reduce the likelihood of a breach. Here are some key concepts to consider.
Start with a strong foundation
Creating an effective cloud-based security system to protect your infrastructure is not unlike protecting a home you’re building. The smaller the structure, the easier it is to manage; a larger footprint can allow you to add on to the home as your needs dictate. Either way, a solid foundation is key.
In the same vein, making security integral to your planned cloud migration is critical. Since virtually every major data breach over the past two decades can be traced to a lack of foundational security, you’ll want to take a strategic approach and invest adequate time and resources in the planning stage. Outside guidance from experienced advisors can prevent many headaches and complications down the road.
You’ll also want to prioritize identity and access management (IAM) tools like multi-factor authentication and password management as early as possible. It’s been estimated that 86% of data breaches have occurred because bad actors used false credentials to gain access. Other significant break-ins occur because of lax oversight of employee and contractor access and failure to cancel credentials from former employees.
Know what your cloud provider covers
Cloud vendors have invested vast sums into protecting their clients’ digital assets, but these protections may actually contribute to a false sense of security for many organizations.
It’s easy to think that since your provider has state-of-the-art 24/7 security, you won’t need to invest as much in protecting your assets in the cloud. The reality is that cloud vendors make sure the infrastructure your company builds inside their platforms is secure, but areas like application management, network configuration, and encryption are your responsibility, and they’re also where your defenses may be weakest.
96% of executives familiar with the GDPR said preparing for emerging privacy laws and regulations is a priority. That’s likely because organizations that need to observe strict regulatory requirements are under additional scrutiny. To meet tough compliance rules you may need security measures that go above normal standards. These issues should be addressed in the early stages of your digital migration so they are an integral part of the overall security design.
Also, be aware that cloud providers do not all offer the same security. If you migrate from one cloud to another, be sure that you perform all security checks.
Insure against a breach
In addition to the important work of safeguarding your digital assets, your organization will want cyber insurance as a safety net in case of an attack. But be aware that this coverage won’t be cheap. 70% of respondents in RSM’s 2023 Cybersecurity Report noted increased policy premiums; only 2% saw a decrease. At the same time, the number and expense of cyberattacks in recent years have overwhelmed insurers, forcing them to increase premiums by nearly 30% and reduce coverage in many cases.
Even companies with good coverage report that their insurers are auditing security protocols to make sure adequate protection is in place. If you face a costly breach that your organization could have avoided with better security measures, an insurer can deny your claim. Ideally, you’ll have cyber coverage and cyber security that complement each other.
Avoid “double gaps” with better coverage
If there is a subset of organizations most at risk for cybercrime, it’s likely companies with 5,000 employees or fewer. To attackers, these businesses appear as big targets with valuable digital assets. And they’re also most likely to be in a “double gap,” which refers to having two large cybersecurity vulnerabilities.
These organizations may have a security policy and structure that was state-of-the-art five years ago but hasn’t been updated as it should, leaving a dangerous opening. They also tend to rely on their hard-working IT teams to maintain digital operations and keep cyber defenses secure, but they may not have enough experienced security professionals to handle the volume of threats coming from every direction.
“If you want to go far, go together”
Before you can begin your migration to the cloud, there are several questions that need to be answered. Otherwise, you may find that your digital transformation doesn’t deliver the expected security and cost savings. Working with experienced, trusted advisors at RSM, you can benefit from an outside perspective of your security needs, a 360-degree view of risk, and customized solutions purpose-built for your organization.
This article was written by RSM US LLP and originally appeared on 2023-11-01.