Cloud Resources Have Become the Primary Target of Cyberattacks

25/07/2024

By Melisa Osores, Managing Editor for Latin America at Computer Weekly

Originally published in Computer Weekly

According to research by Thales, 44% of all organizations have experienced a cloud data breach, and nearly half (47%) of corporate data stored in the cloud is sensitive data.

As cloud use remains strategically vital for many organizations, cloud resources have become the primary target of cyberattacks, with 31% of attacks prioritizing SaaS applications, 30% cloud storage, and 26% cloud management infrastructure. As a result, protecting cloud environments has become the top security priority, ahead of all other security disciplines. These numbers were presented in the Thales “2024 Cloud Security Study,” which was based on a survey of almost 3,000 IT and security professionals in 18 countries across 37 industries.

The study showed that organizations continue to face cloud data breaches: 44% reported having experienced a cloud data breach, and 14% reported a breach in the past 12 months. Human error and misconfiguration remain the leading causes of these breaches (31%), ahead of known vulnerability exploits (28%) and failure to implement multi-factor authentication (17%).

The growing use of the cloud in enterprises has increased the potential attack surface for malicious actors, as 66% of organizations use more than 25 SaaS applications and nearly half (47%) of data in the cloud is sensitive. Despite increasing risks to sensitive cloud data, encryption rates remain low, with less than 10% of enterprises encrypting 80% or more of their cloud data.

“The scalability and flexibility offered by the cloud are extremely attractive to organizations, so it is no surprise that it is a fundamental element of their security strategies. However, as the cloud attack surface expands, organizations must get a firm grasp on the data they have stored in the cloud, the keys they are using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it is being used. Solving these challenges now is vital, especially considering that data sovereignty and privacy emerged as top concerns in this year’s study,” said Sebastien Cano, Senior Vice President of Thales Cloud Protection and Licensing.

As organizations gain more experience with cloud computing, many are updating their investments to meet new security challenges. For organizations that prioritized digital sovereignty as an emerging security concern, refactoring applications to logically segment, secure, store, and process data in the cloud was the top-cited method for achieving digital sovereignty, ahead of other measures, such as repatriating workloads on premises or in the territory. Future-proofing cloud environments (31%) was mentioned as the number one driver for digital sovereignty initiatives, while regulatory compliance was a distant second at 22%.

For more information, watch the Thales S&P Global webinar, presented by Scott Crawford, Information Security Research Head, and Justin Lam, Research Analyst.