Think outsourcing data to the cloud decreases your risk? Think again.

November 09, 2015

Many IT companies think that if they outsource their data storage to the cloud, they are less likely to suffer a data breach, or that the cloud storage company will be responsible if there is a breach. Generally, this is not true.  Here’s what you need to know about cyber-attacks on technology service companies.

Cloud storage is increasing, and so is cyber loss

In the technology services sector, use of cloud storage is on the rise. Estimates say that 65% of tech companies will use cloud service providers by 2016. That makes the cloud an easy mark for a hacker.

Cyber loss by technology services companies is increasing too. In fact, tech companies are over three times more likely to experience a cyber-incident, like a data breach, than other types of companies. The number of cyber incidents involving tech service companies using cloud computing providers rose 164% between 2011 and 2014.

Understanding the problem

Data breaches can affect any size company, in any industry at any time. The two largest types of data loss are personal privacy and personal financial identity. Personal privacy consists of a person’s name and address, drivers’ license number, email address and so on. Personal financial identity information includes credit and debit card details, social security numbers, banking financial records, net worth and investment records, and  details of asset ownership.

With this kind of information up for grabs, it’s no wonder people will pay a lot of money for it, making hacking a very lucrative venture. On the so-called dark web, for example, where personal information is bought and sold, a credit card number might be worth about $5, but online banking information could be worth $200 or more.  This type of information is typically sold in lots of 100 or 1000 pieces of data, and there’s plenty of it available.

If it’s your data, you pay

Most contracts with cloud providers push the responsibility for the costs of a data breach to the tech services company, not the cloud company. If your database isn’t secure, the responsibility lies with you. If your data is breached, you will probably be responsible for the cost. Check the contract with your cloud service provider to be sure. The median cost of a data breach has been estimated at $150,000, and small companies are as vulnerable as large ones.  This cost will only increase as more regulations are passed regarding what action needs to be taken by companies that collect sensitive data.

Protecting yourself and your customers

Some people assume data in the cloud is safer than it is anywhere else, while others assume that keeping their data in-house lets them protect it better. The security of data, whether it is in the cloud or on a server in the next room, is only as good as the protocols that are put in place to protect it.

If you keep your data on a local server, you probably know the best practices to keep it secure: make sure all devices that access the data are protected with strong passwords, use multi-factor authentication, only send data that is encrypted, and educate users on the importance of protecting the data. If you use a cloud computing provider, it is incumbent upon you as an IT professional to ensure that your cloud provider is taking adequate steps to keep your data safe. Many people assume cloud computing companies take steps to protect their data, but that can be a costly assumption.

Adding a cyber-insurance policy to your company’s liability protection can protect you from the costs associated with a data breach, and can give you access to specialists who will assist you with your response to a breach. With cyber incidents on the rise and the associated costs increasing, it pays to protect yourself.