Cloud-based breaches primarily affected third parties and suppliers in 2021

News Desk -

Share

Proofpoint, Inc., a cybersecurity and compliance firm, has announced the publication of its most recent study, Cloud and Web Security Challenges in 2022, in collaboration with The Cloud Security Alliance (CSA). More than 950 information technology and security professionals from various organization sizes and locations were polled in the commissioned study to better understand the industry’s knowledge, attitudes, and opinions about the cloud- and web-delivered threats.

The findings show that organizations are struggling to adequately secure new cloud environments implemented during the pandemic, while also maintaining legacy equipment and attempting to adapt their overall security strategy to the changing landscape.

Emile Abou Saleh, Regional Director, Middle East & Africa at Proofpoint, said: “After over two years of unprecedented disruption and new ways of working, CISOs in the UAE have had to prioritize their efforts to address cyber threats aimed at today’s distributed, hybrid workforce. Their focus has gravitated towards preventing the most significant attacks targeting their organizations such as cloud account compromise (O365 or G suite accounts being compromised) which topped the list of cyber threats for 35% of UAE CISOs. ” 

“In the wake of COVID-19, organizations substantially accelerated their digital transformation initiatives to accommodate a remote workforce.” said Hillary Baron, lead author and research analyst at CSA, the world’s leading organization in defining standards, certifications, and best practices to help ensure a secure cloud computing environment. “While these initiatives strive toward improving worker productivity, product quality, or other business objectives, there are unintended consequences and challenges because of the large-scale structural changes required. One of those challenges is developing a cohesive approach to cloud and web threats while managing legacy and on-premise security infrastructure.”

As organizations continue to migrate to the cloud, their reliance on third parties and partners grows, increasing the risk of supply chain threats. According to the Cloud and Web Security Challenges in 2022, 81% of responding organizations are moderately to highly concerned about risks associated with suppliers and partners, with nearly half (48%) specifically concerned about potential data loss as a result of such risks. This level of concern is completely justified, as 58% of organizations indicated that third parties and suppliers would be the target of a cloud-based breach in 2021.

According to the study, protecting data is a top priority for businesses, with 47% citing “sensitive data loss” as the most concerning outcome of cloud and web attacks. Customer data, credentials, and intellectual property are the three types of data that organizations are most concerned with. Protecting customer data was listed as the primary cloud and web security goal for 43% of organizations in 2022. Despite this, only one-third (36%) of those polled have a dedicated Data Loss Prevention (DLP) solution in place.

“As organizations adopt cloud infrastructures to support their remote and hybrid work environments, they must not forget that people are the new perimeter. It is an organization’s responsibility to properly train and educate employees and stakeholders on how to identify, resist and report attacks before damage is done.” said Mayank Choudhary, executive vice president and general manager of Information Protection, Cloud Security & Compliance for Proofpoint. “Cultivating a culture of security within and around your organization coupled with the use of multiple streamlined solutions is critical to effectively protect people against cloud and web threats and defend organizational data.”

Key findings from the study include:  

  • 47% of those surveyed listed “sensitive data loss” as their most concerning outcome of cloud and web attacks, while “paying ransom” was of least concern to respondents (10%). 
  • 58% had a third party, contractor, and/or partner targeted in a cloud breach.   
  • Organizations are concerned that targeted cloud applications either contain or provide access to data such as email (36%), authentication (37%), storage/file sharing (35%), customer relationship management (33%), and enterprise business intelligence (30%).
  • Almost half of those surveyed (47%) blame dealing with legacy systems as key concern with their cloud security posture, while 37% feel they need to coach toward more secure employee behavior. 
  • Only one-third (36%) of organizations surveyed have a dedicated Data Loss Prevention (DLP) solution in place. Other solutions implemented include Endpoint Security (47%), Identity Management solutions (43%) and Privileged Access Management (38%).