The future of cybersecurity is in the cloud

There was a time, not too long ago, when many businesses feared the cloud. During my time working in counterintelligence for the FBI, we feared the Internet so much that agency computers functioned solely on an isolated intranet connected via hard cables. We’ve come a long way since then, transforming our fears into opportunities. The utilisation of the cloud today has become ubiquitous – we store our photos and memories, email accounts, business files and our very identities there.

Singapore is the most cloud-ready country in the world[1] and its local enterprises, of which 99% are SMEs[2], seem to agree. In fact, more than half of Singapore businesses plan to adopt a hybrid cloud strategy within the next 18 months[3]. A recent IDG survey also found that cloud adoption has become one of the leading business revenue drivers[4]. Businesses, especially SMEs, have grown to realize the value of the cloud – from uplifting productivity to lowering costs.

But that’s not all the cloud can do. Just as moving data to the cloud has proven to improve business performance, deploying cybersecurity in the cloud can strengthen a business’ defence with capabilities that support real-time threat detection and response. There has been significant progress in cloud adoption, but it’s time to reach new heights by recognising cloud as a transformative agent.

The need for a transformative agent

The global WannaCry and NotPetya attacks last year have thrusted ransomware into every business leader’s consciousness. The first worldwide cyber-pandemic compromised more than 300,000 computers across 150 countries, evidently proving that the threat of ransomware is not an idle one. Ransomware is increasingly leveraged as an exploit, suggesting three key points:

1) Businesses continue to place security on the back burner:

SMEs in Singapore are alarmingly exposed to common cyber threats. Almost a quarter (23%) of SMEs perceive sensitive data security as a concern, and perhaps even more worrying is the fact that a third of all local SMEs have no cyber protection at all[5].

2) Current security practices are inefficient and deficient:

Only 40% of local SMEs are confident that they are adequately protected against cybersecurity risks, with anti-virus software being the most common measure of protection[6].

3) A cardinal change in our approach to cybersecurity is not only warranted, but critical:

Cyberattacks have a domino effect on economies, and Singapore can face a potential loss of US$17 billion due to cybersecurity incidents[7]. This makes up almost 6% of the total GDP, of which 50% of contributions are from SMEs.

Today, attackers are innovating rapidly, utilizing advanced capabilities to easily get through orthodox endpoint security measures. SMEs leveraging legacy cybersecurity solutions, such as traditional Anti-Virus (AV) will severely fall victim to these modern attackers. The key flaw in AV is the assumption that if it finds malware, it has stopped the threat. In fact, that is not the case as malware is just one piece of the attack (and not always a necessary one). Attackers today create different ways to introduce malicious codes onto endpoints without AV detecting these new files.

It is more important now than ever for cybersecurity to transform itself into an active profile that hunts today’s attacks as aggressively as it predicts the threats of tomorrow – and there is no greater transformative agent than the cloud.

To predict and defeat attacks in real time, cybersecurity must move to the cloud. The cloud can leverage big data and instant analytics over a myriad of end users to instantly address known threats and predict threats that seek to overwhelm security.

Cloud security is the future of cybersecurity

A cloud-based endpoint security solution provides SMEs with a proactive and predictive approach. This involves monitoring the normal and abnormal behaviour or events on endpoints and then comparing that activity to vast stores of data from other endpoints (a process also known as streaming analytics). Leveraging the insights from this process, the cloud then creates a threat monitoring system, allowing it to detect and predict attacks, even unrecognisable or new ones.

The cloud has been a transformative force for businesses that decreases costs and improves productivity. Similarly, running endpoint security natively in the cloud greatly simplifies its operation. Costs and complexity related to infrastructure management disappear, which means SMEs can deploy faster and spend money where it counts. The cloud also enables automatic updates, removing the need for resources – an area where SMEs are organically limited.

Cyberattacks continue to disrupt our way of life with innovative new approaches. Security must in turn actively work to disrupt the cyber spies, attackers and terrorists through a collaborative security approach that leverages big data and analytics that thrive within the cloud. With near infinite storage and processing power, the cloud can become a global threat monitoring system. Rather than focusing on the introduction of new files, the cloud monitors all types of behaviours and identify anomalies from across the globe. This feeds into a regular, ongoing analysis that enhances defences by updating threat models and prevention policies immediately across all endpoints.

We’ve come a long way from my days on the FBI Intranet. It’s time to fully embrace the future of security, and that future is within the cloud.

- Eric O'Neill, National Security Strategist, Carbon Black -


[1] The Cloud Readiness Index 2018, Asia Cloud Computing Association, 2018

[2] SMEs are at the heart of our economy, Ministry of Communications and Information Singapore, 3 March 2017

[3] Why most Asian companies look to managed services to address IT challenges, Networks Asia, 24 April 2018

[4] 2018 Digital Business Survey, IDG, 3 April 2018

[5] Only 14 per cent of local SMEs intend to internationalise, QBE Research, 29 January 2018

[6] Cyber security – a growing concern for Singapore SMEs, Beazley, 17 November 2016

[7] Cybersecurity threats to cost organisations in Singapore US$17.7 billion in economic losses, Microsoft, 18 May 2018