With only weeks to go before Star Wars: Episode IX - The Rise of Skywalker hits the big screen, fans may now be contemplating what the latest edition to this endearing franchise might bring, with many looking back to where The Last Jedi left off. The latter was a film where nothing seemed to go to plan, with every character failing in their mission at some point. Whether it was Rey's search for a mentor to teach her the ways of the Force, or Finn and Rose's doomed trip to Canto Bight.
But more than being a story about failure, it was about what it means to fail and how it's what you do about it afterwards that counts.
There have been many similar series of events for different characters throughout the films' history, showing how it's the twists and turns that life takes that helps one learn and give you the strength to overcome other, often more sophisticated threats. And anyone in business with a responsibility for security must have empathy for this need to constantly learn and try to get on the front foot when protecting their organisation's vital assets.
Just as in the Star Wars Galaxy the cyber sphere is a dangerous place and attacks can come in any guise and from any location just when you are least expecting it. And like the Dark Side, hackers are constantly trying out new techniques to get their hands on what they perceive as having value.
The Oracle and KPMG Cloud Threat Report 2019 (CTR) showed just how vast the nature of these techniques for attack can be. For example, in the area of attack techniques, Canada, the UK and Australia found email phishing the most likely to break down their defences, although businesses across Singapore blame zero-day vulnerabilities, while customers in the United States say malware is the biggest problem they are likely to face.
When it came to the way people are being attacked, Australia was most concerned with nation state-based attacks, as were leaders in the US, but they were equally as worried about malicious insiders. The latter was the biggest issue with IT leaders in Singapore. The differences over what needs the most protection differed too; in the US, Canada and the UK, companies were more concerned about the security of their ERP or supply chain applications, while Asian businesses cite protecting mobile devices, CRM systems and identity servers.
So, with such a range of different challenges and evolving threats, how can businesses best withstand these security threats? Is it even possible to stay secure when doing it alone?
If we were to read between the lines of the Rise of Skywalker trailer it would seem that the latest threat will be only be overcome by the joining up of the good.
Similarly, in the business landscape, a similar recognition of the need for scale is why we're seeing more companies turn to the cloud, putting their information into one environment, which they know to be safer than if they were to try and protect their assets on their own.
In fact, the CTR report clearly showed this: 73% of companies think the cloud can offer a more secure environment than they can provide themselves on premise. It's this perception that has resulted in continued and growing cloud adoption; nearly half of businesses expect to store the majority of their data in a public cloud by the end of this year and 71% said that this data will be sensitive.
This is for a number of reasons: first, cloud providers can apply greater focus and scale to their security investments for their public cloud environments versus a company running IT in-house. Cloud providers need to run their estates as securely as possible, and must invest in the latest and most sophisticated technologies to defend any data stored in their environment against an attack. This brings me on to the second point - they can invest in the right weapons to get themselves on the front foot against attacks - proactively protecting the estate, rather than setting up on a reactionary basis. This is where automation, as a defender of business data, is coming into its own.
Cloud environments with added automation make the environment self-securing and self-repairing. They are set up to defend themselves against attack, and minimize the need for human intervention. See the difference a force shield makes in Star Wars.
Based on machine learning, these 'weaponised' cloud environments also help to eliminate human error, so prevention is actually more precise than human beings operating the environments alone. And, let's face it, patching vulnerabilities is extremely time-consuming and can cause a lot of downtime. With machine learning, the system is designed to predict and patch vulnerabilities before they even occur; and keep the system running throughout.
For this reason, it's great to see so many companies are moving their data across to the cloud, but there's still more to be done when it comes to getting on the front foot and embracing automation.
The Threat survey showed a move in the right direction; 89% of businesses have implemented auto patch management, or plan to do so within the next year, while a further 45% plan to deploy automated patch management over the next 24 months. It's a brilliant first step, but the more automated a business can become, the more preventative and comprehensive it can be with its security measures. And comprehensiveness is the key when threats are becoming ever-more sophisticated and can come in so many forms and under so many guises.
Ultimately, as the Jedi learned from previous failures, coming together in one force - or a cloud environment - will help you stand the best chance against invasion. As our defences become stronger and we learn from our mistakes, so too do cyber-attacks and attackers.
Machines can protect systems in a way humans just can't and, for that reason, automation is going to be the way forward as companies look to protect their estates in a battle-ridden landscape. As the level of sophistication of cyber-attacks increases, cloud with automation is going to be the only way to stop what was once thought unstoppable.
The writer is Senior Director, Manageability & Security Experts, Oracle APAC [email protected]