Most businesses haven't inspected cloud services for malware
Echoing the findings we reported earlier that companies leave cloud protection to third-parties, a new study from cloud security company Netskope reveals most companies don't scan their cloud services for malware either.
The study conducted with the Ponemon Institute shows 48 percent of companies surveyed don't inspect the cloud for malware and 12 percent are unsure if they do or not. Of those that do inspect 57 percent of respondents say they found malware.
It also shows that while 49 percent of business applications are now stored in the cloud, fewer than half of them (45 percent) are known, officially sanctioned or approved by IT.
Three-quarters of businesses say they store at least some sensitive or confidential business data in the cloud, and respondents estimate 26 percent of sensitive or confidential information is not visible to IT. When asked about security worries, the top concern over cloud security risks is loss of control over the security of data and end-user actions (49 percent), followed by loss or theft of intellectual property (47 percent), and compliance violations (39 percent).
"These data confirm that while cloud adoption is very much on the rise, organizations still lack confidence in the cloud’s ability to protect sensitive information," says Sanjay Beri, founder and CEO of Netskope. "With the rise of cloud threats like accidental data exposure, malware and ransomware aimed at exfiltrating data and extracting financial gain from sensitive data, IT teams need more robust intelligence, protection, and remediation to protect their data from breach or loss".
Among other findings are that almost 20 percent can't determine if they experienced a breach or not, indicating a significant lack of insight into security policies and data currently stored in the cloud. For companies that did experience a data breach in the last year (31 percent), 48 percent say it was a user who exposed data intentionally or accidentally from a cloud service. However, a quarter don't have any idea how the breach occurred, and 30 percent could not determine what data was lost or stolen.
You can read more on the report’s findings on the Netskope blog.