More than 50% of Hong Kong companies are concerned about their data being at risk in case of a ransomware attack, but only a few are currently using public cloud data backup services that could help mitigate the impact of such malware infections, research indicates.
“Only 15% of enterprise respondents said they are using data backup on public cloud although there is a high level of awareness for this type of service,” said Professor John Bacon-Shone, associate dean of the Faculty of Social Sciences and Director of the Social Sciences Research Centre at the University of Hong Kong (HKUSSRC).
He was citing a key finding in the Ransomware and Cloud Readiness survey presented yesterday by HKUSSRC and BSA The Software Alliance.
The survey was conducted in two phases – a baseline survey between March 28 and April 24, before the WannaCry ransomware outbreak, and a follow-up survey between June 29 and July 12, in the aftermath of WannaCry.
Corporate respondents came from major vertical industries, such as manufacturing, construction, real estate; import/export trade; retail; accommodation and food services; information and communication; and finance and insurance to name a few.
Security issues dampen adoption
Bacon-Shone said over 50% of respondents have cited security issues as the primary reason for not using data backup services powered by public cloud.
“The top three security issues cited were confidentiality considerations, safety concerns and no confidence in security,” he added.
According to the survey, over a third of Hong Kong companies are backing up data more than three times a week. However, more than 75% of them have adopted a non-cloud option for their primary data backup, despite widespread awareness of the availability of data backup services on public cloud. What’s more, nearly 80% have said they are unlikely to consider data backup on the public cloud in the future.
“Recognition of the importance of having data backup is critical, but taking concrete steps to perform offsite secure backup which may include public cloud backup is a different story,” said Bacon-Shone.
He noted that local regulation has long required data users to safeguard personal data from unauthorized or accidental access, processing, erasure, loss or use.
“The new EU law on data protection – the General Data Protection Regulation – is due to become enforceable in May 2018. This will include much stronger sanctions (of up to 4% of global annual turnover or €20 million, whichever is greater) and requires a risk-based accountability.
“This is why there is an essential need for companies to implement offsite secure backup, which may include public cloud backup, but will require careful choice of trustworthy providers of backup services,” he added.
Conduct due diligence
Tarun Sawney, senior director of APAC at BSA, said that companies should conduct due diligence before choosing a cloud service provider to deliver data backup services.
“When considering the choice of trustworthy providers of cloud services, companies should carefully consider the quality of service offered, particularly in relation to the four key pillars – privacy, security, compliance and transparency,” he said, adding that they should check whether these providers are compliant with international and national standards such as ISO 27018, ISO 27017 and ISO 27001.
Meanwhile, he noted that the survey findings showed companies in Hong Kong currently lack an understanding of what the cloud has to offer in enhancing their overall cybersecurity defense strategy.
“There is a staggering gap between the level of awareness and the actual efforts local enterprises undertake in protecting themselves against future cyberattacks. Experts have said that having more than one way of backing up is probably the way to go. And public cloud data backup offers a very cost-efficient option for business,” Sawney said.
First published in Computerworld Hong Kong