A recent survey completed by Computer Weekly and TechTarget has found that cybersecurity and keeping data safe is a top priority for businesses this year. The survey was compiled across the UK and EMEA and included more than 1,500 decision makers. The results varied from the UK to the EMEA and included some important information about how business IT infrastructure is threatened by cybercriminals.
Common priorities across the regions
In the UK and EMEA, there is a priority for many businesses to switch to cloud solutions this year. In the UK this was the top priority, just beating cybersecurity. In Europe, security was more important, but cloud migration was another high importance for many of the business leaders.
Across Europe, it is expected that IT budgets are going to significantly increase when it comes to cloud solutions. Both hardware and software spending is to increase. There is also going to be significant investment in cloud security technology.
In fact, 80% of UK businesses think that their use of cloud technology over the next twelve months is going to increase. The survey largely agrees with the research other experts have released recently. Gartner has released data in the past few months that has indicated that it believes businesses will move significantly to the cloud with the cloud service industry growing by about 17.3%.
Also in the report by Garner, more than a quarter (28%) of all IT spending will be focused on the cloud by 2022. This is a significant increase of the 19% that was currently being spent by organisations when the report was released in September 2018.
The cloud has long been seen as a way for businesses to transform operations so they can be more flexible. Businesses who have migrated already have found that they are free to offer flexible working, upgrade and downgrade systems as required, and discovered several security benefits in the process.
Cloud storage taking centre stage in the UK
One thing that is really taking a priority in the UK is storage and backup via the cloud. The cloud is now seen in the UK as the top way for businesses to store data. In the research, cloud solutions priorities in the UK included cloud backup as a service, virtual server backup and public cloud storage.
Businesses also seem to be storing more than ever. According to the survey, nearly a third of businesses (32%) are storing somewhere between 10TB and 99TB of data. Just under a fifth of businesses (17%) store between 100TB and 249TB of data.
Increasing security budgets
Many business leaders think that IT security budgets are going to increase this year. According to the survey, 39% of EMEA respondents thought budgets would grow, while 34% in the UK thought the same. Experts believe that businesses are now seeing data breaches as a significant risk to their business. Therefore, they are looking to protect themselves from such issues and hoping to better comply with GDPR regulations that came into effect in May 2018.
When asked what parts of the IT environment were going to be monitored for security purposes, respondents stated that network traffic and performance were top priorities. In the UK, user behaviour was also a very high priority. This could be because internal staff are the biggest cause of cybercrimes, although this isn’t always malicious, sometimes it is because of human error.
Email continues to be a major threat for businesses
The survey found that business leaders thought that emails are still the biggest threat and the most used means of gaining access to business data. Research from FireEye has found that criminals are using new detection bypass technology and there is the continued development in impersonation capabilities of criminals.
Research in the US by the FBI has found the global cost to businesses via scam emails to be $12 billion since 2013. The problem is made harder because while employees understand that malicious emails exist and that they shouldn’t click on links that are contained in unsolicited emails, many will still do so.
To combat this, the UK is showing significant maturity in its approach. Security training is a priority for 32% of UK businesses. This was the top priority and should help to prevent employees from being the cause of many data breaches. Encryption is another area that UK businesses are going to increase spending in, followed by other email security technology.
The report has also noted that 30% of UK businesses are expected to improve multifactor authentication. This is compared to just 18% across the rest of EMEA. This might be a mistake in EMEA as there have several high-profile data breaches that have highlighted the importance of multifactor authentication (MFA) as an email security protocol. The WatchGuard Technologies CTO, Forey Nachreiner, has stated that every company in the world, regardless of size, should implement MFA in 2019.
User access is not a significant concern for businesses
User access to data is a significant problem for businesses. Yet businesses are not yet willing to take the problem seriously. According to the TechTarget survey, access control was only the sixth most important security aspect for businesses with 37% of decision-makers thinking that they should make it a priority this year.
However, the importance of user access control was highlighted recently when the UK political Labour party reported a data breach in February 2019. According to their report, a member who quit the party then accessed their database of members and accessed information only certain members of the organisation should have accessed.
Another example was reported last year when Bupa was fined by the Information Commissioner’s Office. According to the report, an employee of the health firm was caught trying to sell the records of customers on the dark web.
Morrisons also faced compensation claims after one of its employees stole information about 100,000 of his colleagues. This breach was reported before GDPR came into effect, but the judge ruled late last year that those affected could claim compensation from the grocer.
If businesses don’t take their data security seriously, especially when it comes to current and former staff, then they could find themselves facing fines and claims of compensation. This is why businesses should spend more money on user access management.