santiago silver - Fotolia
A recently published report into cyber security by the Institute of Directors (IoD), entitled Cyber Security: Underpinning the Digital Economy, makes for interesting reading. Around one in eight of those surveyed said they had been the victims of a cyber attack but the report contained the startling admission that only 28% of those attacks were reported to the police.
This suggests either a lack of faith in the police’s ability to track down and prosecute those responsible for the attacks or a reluctance to admit to having fallen prey to cyber attack. I’m inclined to believe it’s the latter. Which is bizarre because if any business had been the victim of a physical attack or burglary, it wouldn’t hesitate to report the incident to the police.
The report found that of those attacked, the biggest damage for half of them was the interruption to business, while 11% suffered a financial loss.
A majority of organisations in the survey (59%) revealed that they had outsourced their data storage, a figure which the IoD stated was “only set to increase due to its financial advantages for organisations”. But a very significant 43% admitted that they did not know where their data was stored. The IoD thought this was “a truly frightening statistic. It effectively means businesses are losing control of their organisation’s data which may well be the biggest asset of a business”.
From a technology point of view, however, I suppose it’s quite impressive that so many organisations are able to function just as effectively, if not more so, and it has become irrelevant where their data is stored.
However, there’s more to technology than technology, if you see what I mean. While it’s true that the cloud can store and deliver a company’s data storage, there are business implications (not to mention issues of control, accountability and manageability) around it that aren’t as clear as they are for on-premise storage.
As Professor Richard Benham, professor of Cyber Security Management, warns in the report, companies need to be aware that “the cloud is someone else’s server”. As a consequence, “cloud and IT providers must be challenged to demonstrate the security protocols they have in place and their disaster recovery plans”.
The good news for the channel is that with so many IoD members being directors of SMEs, “they will naturally look to outsource cyber security”. So much so, that channel partners with strong cyber security credentials will be in a strong position to attract these customers. “Sophisticated cyber abilities are likely to become one of the key determinants in selecting an outsourced IT supplier,” Professor Benham says.
But just because customers recognise the value of a certain skill or ability, that doesn’t mean they’ll be prepared to pay the right price for it. Don’t forget that the prime motivation for businesses opting to use the cloud for data storage is the financial advantage it provides compared to on-premise storage. Making that data as secure, or more secure, than the existing internal storage solution might involve an extra expense that they haven’t prepared themselves for.
In addition, when you consider that so many seem unconcerned about where their data is being stored, it hardly inspires confidence that they will be prepared to give the security of that data the proper attention and scrutiny it deserves.