Cloud security spending now tops all other cyber security spending categories, according to a report by the defence contractor Thales. Some 44 per cent of organizations surveyed have experienced a cloud data breach and 14pc said that they had one in past year.
Human error and misconfiguration continue as the top root cause of such breaches, ahead of attackers exploiting known vulnerabilities; and failure to use Multi-Factor Authentication (MFA). Nearly half of those surveyed say it’s more difficult to manage compliance and privacy in the cloud compared with on-premises storage of data.
Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales, said: “The scalability and flexibility that the cloud offers is highly compelling for organizations, so it’s no surprise it is central to their security strategies. However, as the cloud attack surface expands, organizations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it being used. It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research.”
Comments
Rajeev Raghunarayan, Vice President of Product Marketing at SaaS security product firm Obsidian Security, says: “That SaaS is one of the top targets for cyber attacks is unsurprising. Having handled hundreds of SaaS incidents with our IR partners, we see SaaS threats become a rising concern for organisations. SaaS breaches have grown 4x in the last year. And while configuration issues may lead to IaaS breaches, identity forms the fulcrum of SaS breaches – leading to over 80 per cent of the breaches. These include attacks like help desk social engineering, self-service password resets (SSPR), or attacker-in-the-middle (AiTM). SaaS posture issues and data security and governance gaps form the other two key drivers of SaaS breaches.”
Jamie Akhtar, co-founder and CEO at CyberSmart., said: “Without a doubt, the most alarming part of this report is the news that 44 per cent of organisations have experienced a cloud data breach. This figure is far too high and speaks to misconfiguration on the part of businesses. Cloud data storage should theoretically be one of the safest places to put your sensitive information. However, this just isn’t borne out by Thales’ research. This points towards businesses setting up their cloud environments poorly and failing to use encryption.”
Meanwhile Thales and the French Alternative Energies and Atomic Energy Commission (CEA) have signed a partnership agreement in generative artificial intelligence (AI).
