BY Richard Summerfield
Cloud services, infrastructure and applications are the primary subjects of cyber attacks, according to the 2024 Thales Cloud Security Study.
The report, which surveyed nearly 3000 IT and security professionals across 18 countries in 37 industries, found that cloud security spending now tops all other security spending categories. This is particularly concerning given that 47 percent of all corporate data stored in the cloud is sensitive. Of those companies surveyed, 44 percent have experienced a cloud data breach - 14 percent in the past year.
According to the report, nearly half of organisations believe it is more difficult to manage compliance and privacy in the cloud compared to on-premises. Thirty-one percent recognise the importance of digital sovereignty initiatives as a means of futureproofing their cloud environments.
“The scalability and flexibility that the cloud offers is highly compelling for organizations, so it’s no surprise it is central to their security strategies,” said Sebastien Cano, a senior vice president at Thales. “However, as the cloud attack surface expands, organizations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it being used. It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research.”
The report also noted that among the targeted cloud resources, 31 percent are software as a service (SaaS) applications, 30 percent are cloud storage and 26 percent are cloud management infrastructure.
Human error and misconfigurations occurred in 31 percent of breaches, making this the top root cause. That figure was significantly lower compared to last year’s report, where 55 percent of cloud incidents were caused by human error. Exploitation of known vulnerabilities was the next highest root cause of cloud breaches, accounting for 28 percent, up seven percent compared to Thales’ 2023 report. Exploitation of previously unknown vulnerabilities and zero days accounted for 24 percent of breaches. Failure to use multi-factor authentication (MFA) was another significant cause of cloud breaches, identified in 17 percent of cases.
External attackers, including cyber criminals, hacktivists and nation-state actors, as well as malicious insiders, are also the driving force behind many cloud security breaches.
Sixty-five percent of respondents identified cloud security as a current concern, and cloud security was the top category of security spending, reported by 33 percent of all respondents.
Report: Thales 2024 Cloud Security Study