Cybersecurity vendor Netwrix’ ‘2021 Netwrix Cloud Data Security Report’ which surveyed 937 IT professionals globally reports that 54% of respondents who store customer data in the cloud had a security incident in 2020, 24% of which were ransomware or other malware. 35% of impacted companies report that these data theft incidents led to ‘customer churn and loss of competitive edge’.
Some other key findings include:
- 48% of CISOs report that business pressure for rapid digitalization, transformation and growth distracts them from data security.
- The top three challenges organizations said they need to overcome are understaffed IT teams (52%), lack of budget (47%) and lack of expertise in cloud security (44%). 51% of large enterprises don’t have enough knowledge of cloud security to ensure sensitive data is protected.
- Incidents that included supply chain compromise had the most impact on organizations, including compliance fines (53% of organizations), decrease in new sales (47%), change in senior leadership (24%) and lawsuits (29%).
With Cloud being critical infrastructure underpinning most company’s digital transformation strategies, C-Suites need to understand that while using the Cloud allows them to outsource some IT functions, outsourcing security is not one of them.
Indeed it was reported in August that Cloud misconfigurations are the greatest security threat to organizations, and yesterday the Cybersecurity and Infrastructure Security Agency (CISA) released a report titled ‘Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services’ highlighting the threat from attackers exploiting enterprises poor cyber hygiene practices in their cloud services configurations.
One of the main reasons why companies use Cloud is because of the better economies of scale, speed cost and efficiency gains that come from this outsourcing. But those benefits can be quickly lost following a breach. One of the frankly encouraging findings of this report is that data breaches leading to changes in senior leadership has become common. While most organizations profess that cybersecurity is a top priority for their management teams, the increasing accountability for mismanagement leading to a cyber breach is an important step to ensure security is actually given the necessary priority.