Connect with us

Hi, what are you looking for?

HEADLINES

Humans cause nine out of 10 data breached in the cloud

Companies expect cloud providers to be responsible for the safety of data stored on their cloud platforms. However, around 90% (SMBs (88%) and enterprises (91%)) of corporate data breaches in the cloud happen due to social engineering techniques targeting customers’ employees, not because of problems caused by the cloud provider.

Incidents in public cloud infrastructure are more likely to happen because of a customer’s employees rather than actions carried out by cloud providers, according to a new Kaspersky Lab report, ‘Understanding security of the cloud: from adoption benefits to threats and concerns’.

Companies expect cloud providers to be responsible for the safety of data stored on their cloud platforms. However, around 90% (SMBs (88%) and enterprises (91%)) of corporate data breaches in the cloud happen due to social engineering techniques targeting customers’ employees, not because of problems caused by the cloud provider.

Cloud adoption allows organizations to benefit from more agile business processes, reduced CAPEX and faster IT provision. However, they also worry about cloud infrastructure continuity and the security of their data. At least a third of both SMB and enterprise companies (35% SMB and 39% enterprise) are concerned about incidents affecting IT infrastructure hosted by a third party. The consequences of an incident may make the benefits of cloud redundant and instead evoke painful commercial and reputational risks.

Even though organizations are primarily worried about the integrity of external cloud platforms, they are more likely to be affected by weaknesses far closer to home. A third of incidents (33%) in the cloud are caused by social engineering techniques affecting employee behavior, while only 11% can be blamed on the actions of a cloud provider.

Advertisement. Scroll to continue reading.

The survey shows there is still room for improvement to ensure adequate cybersecurity measures are in place when working with third parties. Only 39% of SMBs and half (47%) of enterprises have implemented tailored protection for the cloud. This may be the result of businesses largely relying on a cloud infrastructure provider for cybersecurity. Alternatively, they could have false confidence that standard endpoint protection works smoothly within cloud environments without diminishing the benefits of cloud.

“The first step for any business when migrating to public cloud is to understand who is responsible for their business data and the workloads held in it. Cloud providers normally have dedicated cybersecurity measures in place to protect their platforms and customers, but when a threat is on the customer’s side, it is no longer the provider’s responsibility. Our research shows that companies should be more attentive to the cybersecurity hygiene of their employees and take measures that will protect their cloud environment from the inside,” said Maxim Frolov, Vice President of Global Sales at Kaspersky Lab.

There are some specific measures that Kaspersky Lab advises businesses take, to ensure their data remains secure in the cloud:

  • Explain to employees that they can become victims of cyberthreats. They mustn’t click on links or open attachments in communications from unknown users. Dedicated awareness training, such as gamified Kaspersky Security Awareness, can help with this
  • To minimize the risk of unapproved use of cloud platforms, educate staff about the negative effect of shadow IT and establish procedures for purchasing and consuming cloud infrastructure for each department
  • Use an endpoint security solution to prevent social engineering attack vectors. It should include protection for mail servers, mail clients and browsers
  • Implement protection for your cloud infrastructure as soon as possible after migration. Choose a dedicated cloud cybersecurity solution with a unified management console to manage security across all cloud platforms, and support automatic detection of cloud hosts, as well as auto-scale the roll out of protection to each one
  • Kaspersky Hybrid Cloud Security offers businesses multi-layered protection for multi-cloud environments, unified cybersecurity and seamless orchestration. The solution detects common and complex threats and protects the entire cloud infrastructure — from on-premise virtualized environments to public cloud platforms — such as AWS and Microsoft Azure

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

HEADLINES

As the year 2024 draws to a close, cybersecurity solutions provider Fortinet unveiled predictions that expect hackers will leverage as well as trends that...

Advertisement