Survey surfaces security challenges in age of the cloud
A global survey of more than 2,700 executives with influence over IT and data security finds that not only did more than one in five (21%) experienced a ransomware attack in the last year, more than half (51%) are finding it more complex to manage privacy and data protection regulations in a cloud environment.
Conducted by 451 Research on behalf of Thales, a provider of encryption and data access management tools, the survey finds almost half (45%) of respondents reported seeing an increase in the volume, severity, and/or scope of cyberattacks in the past 12 months. Malware (56%) followed by ransomware (53%) and phishing/whaling (40%) are identified as the top three threats organizations are seeing. More than half (52%) also acknowledged that at some point their organization has been breached.
One in five (21%) respondents also said their organization has experienced a ransomware attack in the last year, with nearly a third of respondents having experienced a data breach in the last 12 months. A total of 43% were significantly impacted, but only 3% said there was any mention of the attack in a public media outlet. More than one in five (22%) of respondents said they have paid or would pay a ransom for their data.
Nearly a quarter (23%) of enterprises surveyed said hard financial losses from penalties, fines, and legal expenses have been or would be the greatest impact of ransomware, followed by lost productivity (19%), recovery costs (18%) and breach notification (16%), brand reputation (11%) and customer loss (7%).
Despite the current level of ransomware activity, however, less than half of respondents (48%) have a formal ransomware plan even though 79% said they remain concerned about the security risks of an increasingly remote workforce. Only a little more than half (56%) said they are very confident or in full possession of knowledge regarding where organizational data is being stored. However, only 25% of all respondents said they could classify all their data, while 53% said they could classify at least half of their data.
The survey also suggests that as organizations employ more cloud services and software-as-a-service (SaaS) applications the level of visibility an organization has into where data is stored drops significantly. More than a third of respondents (34%) said their organization was now using 50 or more SaaS applications. Less than a quarter of respondents (22%) said more than 60% of their sensitive cloud data is encrypted. A total of 44% reported that they had experienced a breach or failed an audit in their cloud environments.
There’s no doubt that managing and securing data has become more challenging as the number of places where data might be stored has increased. Many business leaders seem to think that all that data will somehow magically secure itself. Cybersecurity and IT professionals need to find ways to not only secure that data but also remind business leaders that each cool new application added to any IT environment increases the likelihood there will be a data breach. Sensitive data that cybersecurity teams took pains to secure all too often winds up being copied into another application that the cybersecurity team didn’t even know was being used.
That’s not to say there may not be a need for that other application, but it’s also apparent the best thing any organization can do to improve security is to limit the amount of data that needs to be secure by rationalizing as much as possible their application portfolio.