Is a lack of security understanding placing UK businesses at a disadvantage?

The lack of security education is a big problem

It is well documented that UK businesses are at an increased risk of suffering from a cyber-security breach. The overarching suggestion is that this is down to a lack of education about the threats organisations are facing, reinforced by the recent Global State of Information Security report by Pricewaterhouse Cooper. According to the report, 69% admitted to having succumbed to a security breach. In fact, businesses in the UK suffered 10% more attacks than companies elsewhere in the world in the last 12 months.

There is good news, which is that 55% of companies plan to increase their spending on IT security in 2015. With this in mind, it is important to consider where this budget will be spent. Will companies look to invest in their own IT infrastructure and systems, or will they look to cloud-based services that would provide viable alternatives to the traditional approach?

Spending money in the right places

There are two steps to effectively using cloud services that companies should take. Firstly, businesses should engage with Cloud Service Providers (CSPs) that specialise in delivering security solutions via the cloud.

Many antivirus companies provide cloud-based enterprise solutions as well as their traditional on-premise options. This enables easier management and distribution of security services to all users no matter where they are located. Other cloud-based security services include Mobile Device Management solutions, security monitoring of log files and alerts, vulnerability management, and data leakage prevention.

Secondly, companies should consider moving key business applications to the cloud to enhance security. There are a number of cloud-based solutions for enterprise class email, as well as Customer Relationship Management systems and accounting solutions. By using cloud-based infrastructure or Platform-as-a-Service solutions, companies should also look to migrate their own legacy applications to the cloud.

This would provide many advantages to businesses, including performance, scalability and availability. In many cases the providers offering these solutions can probably do so more securely than companies can from their own in-house data centres.

Security is still a top concern

A recent survey conducted by Databarracks found that 81% of respondents identified security as one of their top concerns for engaging with the cloud. Interestingly, the survey went on to state that of the companies which do engage with CSPs, only 44% continue to cite security as an issue, with the reputation of the provider becoming a greater issue.

Even with more businesses engaging with the cloud and citing the CSP's reputation as a key issue, security remains a cause for concern. These findings reflect that before engaging with a CSP, there is an element of the unknown and a certain amount of trepidation in trusting data or part of an organisation's IT infrastructure to a third-party. Once that fear has been overcome and the engagement is ongoing, the element of uncertainty and mistrust dissipates.

Bitdefender's experience is that UK businesses are often more risk-conscious than their European and US counterparts. Many are slow to adopt new technologies, preferring to wait and see how others may fare using new solutions. However, given the growing cyber-threat facing many UK businesses, the fear of the unknown of using a CSP should trump the fear of the likelihood of suffering from a security breach.

  • Alexandru Catalin Cosoi is Chief Security Strategist at Bitdefender