Security incidents hit more than half of businesses storing data in the cloud
Over half (54 percent) of organizations that store customer data in the cloud had security incidents in 2020. As a result, as many as 62 percent plan to remove sensitive data from the cloud or have already done so to improve their data security.
These are the findings of a new report from Netwrix which shows the most common types of cloud security incidents in 2020 are phishing (reported by 40 percent of organizations), ransomware or other malware (24 percent), and accidental data leakage (17 percent).
Data theft has caused considerable damage to businesses in other ways as well. Incidents involving insider data theft negatively impacted company valuation for 33 percent of organizations, while data theft by hackers led to customer churn and loss of competitive edge (35 percent each).
The biggest data security challenges named by respondents are lack of IT staff (52 percent), lack of budget (47 percent) and lack of cloud security expertise (44 percent). Interestingly, 48 percent of CISOs note that the organization’s desire for growth hinders efforts to ensure proper data security in the cloud.
"The top three challenges organizations face in securing data in the cloud are lack of staff, financial resources and expertise. These hardships force security teams to operate in the 'new day, new breach' reality," says Ilia Sotnikov, vice president of product management at Netwrix. "To identify, detect and protect against threats in the cloud continuously, organizations should invest in solutions that help prioritize risks and automate security routines, such as tools that provide data discovery, activity auditing and alerting. That way, security teams can better manage risks, respond to the attacks promptly and minimize negative business outcomes."
Among other findings every tenth large enterprise (1,000+ employees) that suffered a cloud data breach changed its senior leadership as a result. Five percent of respondents who experienced cloud data theft by hackers needed years to detect it, but organizations that both classify data and audit user activity are 1.5 times more likely to discover incidents in the cloud in mere minutes.
The full report is available from the Netwrix site.