KUALA LUMPUR (Jan 19): The rapid adoption of cloud during Covid-19 spotlights critical need for strategic vision, according to KPMG Management & Risk Consulting Sdn Bhd.

KPMG said with continued lockdowns and restricted movements around the world, businesses took to the cloud to foster remote working environments, continue reaching their customers online and to protect their data.

It said the remarkable acceleration of cloud services adoption during the pandemic is not a temporary trend, and it is vital to ensure that these services are governed and monitored by corporate IT, risk and cybersecurity professionals who understand today’s emerging threats and regulatory requirements.

In a statement today, head of IT-enabled transformation at KPMG in Malaysia Alvin Gan said cloud investment was considered the third most important technology investment during the onset of Covid-19.

“But in the rush to shift online, businesses may have taken an ‘act now, ask questions later’ approach to their digital transformation and cloud implementation.

“This could mean some sizeable gaps in their cloud security, leaving them vulnerable to new forms of cyberattacks,” he said.

Gan said the 2020 KPMG/Harvey Nash CIO Survey revealed that four in 10 IT leaders reported their companies had experienced an increase in cyberattacks last year.

“Unless they begin enacting crucial steps to better govern their cloud security solutions, an attack on their system becomes a matter of ‘when’, not ‘if’,” he said.

Gan said holding the threat landscape at bay requires security teams to move well beyond manual asset management and configuration, access reviews and incident playbooks.

He explained that a "shadow cloud" concerns the use of cloud infrastructure, services and applications outside the boundaries of an organization's corporate IT policies.

Gan said these solutions will usually result in an increased risk of exposure for corporate data, personally identifiable information and intellectual property.

He added while cloud-based email offers much-needed flexibility to businesses enduring today’s disruptive pandemic, the convenience can also unknowingly grant access to crafty hackers at anywhere, anytime.

“This has given rise to large-scale business email compromise (BEC) attacks.

“Common cloud-based email services often come with a suite of authentication and monitoring capabilities as add-ons, which should be carefully maintained to effectively detect malicious activity,” he said.

Gan also stressed that security teams must not be complacent and should ensure they adapt their incident response procedure to be effective in the cloud.

“Maintaining customer trust in such a volatile situation is more challenging than ever before.

“Companies should move boldly and strategically to better safeguard their enterprise assets and customer data, ensuring they have the right systems and controls in place to protect their business, their customers, and avoid a cybersecurity breach which can result in reputational and financial damage,” he said.