A report shows rise in ransomware attacks and human error as the leading cause of data breaches in the cloud.
48% of IT professionals reported an increase in ransomware attacks, with 22% of organizations having experienced a ransomware attack in the last 12 months. 51% of companies have no official ransomware plan
Of those who have recently experienced a data breach in the cloud, 55% of respondents cited human error as the root cause.
Key Findings
Thales announces the release of the Thales Data Threat Report 2023, its annual report on the latest data security threats, trends and hot topics based on a survey of nearly 3.000 IT and security professionals in 18 countries. This year's report finds an increase in ransomware attacks and heightened risks to sensitive data in the cloud. Almost half (47%) of IT professionals surveyed believe security threats are increasing in frequency or severity, and 48% report an increase in ransomware attacks. More than a third (37%) have experienced a data breach in the past 22 months, including XNUMX% who reported their organization was the victim of a ransomware attack.
Respondents cited their cloud assets as the top targets of cyberattacks. More than a quarter (28%) said SaaS applications and cloud-based storage are the top attack targets, followed by cloud-hosted applications (26%) and cloud infrastructure management (25%). Rising cloud utilization and attacks are directly related to the increase in workloads moving to the cloud, as 75% of respondents said 40% of data stored in the cloud is now classified as sensitive, versus 49% of respondents in the cloud year 2022.
These are just some of the key findings from the 2023 Thales Data Threat Report, conducted by 451 Research, which surveyed both private and public sector organizations. The report shows how organizations are responding and planning their data security strategies and practices in the face of a changing threat landscape, and the progress they are making in countering threats.
Human error
Simple human error, misconfiguration, or other mistakes can inadvertently lead to breaches — and respondents cited this as the top cause of data breaches in the cloud. For organizations that experienced a data breach in the last 55 months, misconfiguration or human error was the top cause, cited by 21% of respondents. This was followed by the exploitation of a known vulnerability (13%) and the exploitation of a zero-day vulnerability or a previously unknown vulnerability (28%). The report finds that identity and access management (IAM) is the best defense: XNUMX% of respondents said it is the most effective tool for mitigating these risks.
Do you have a moment?
Take a few minutes for our 2023 user survey and help make B2B-CYBER-SECURITY.de better!You only have to answer 10 questions and you have an immediate chance to win prizes from Kaspersky, ESET and Bitdefender.
Here you go directly to the survey
Meanwhile, the severity of ransomware attacks appears to be decreasing: 35% of respondents in 2023 said ransomware had a significant impact, compared to 44% of respondents who reported a similar impact in 2022. Spending is also moving in the right direction: 61% of companies said they would reallocate or increase their budget for ransomware tools to prevent future attacks (up from 57% in 2022), but company responses to Ransomware continue to be inconsistent. Only 49% of organizations said they have a formal ransomware response plan in place, while 67% still report data loss from ransomware attacks.
Challenges of digital sovereignty
Digital sovereignty is becoming a priority for privacy and security teams. Overall, the report found that data sovereignty remains both a short- and long-term challenge for organizations. 83% expressed concerns about data sovereignty, and 55% agreed that data protection and compliance in the cloud have become more difficult, likely due to the emergence of digital sovereignty requirements.
Emerging threats from quantum computing that could attack classic encryption systems are also a concern for businesses. The report shows that "Harvest Now, Decrypt Later" ("HNDL") and future network decryption are the top security concerns related to quantum computing - 62% and 55% of respondents, respectively, said they were concerned. While post-quantum cryptography (PQC) has emerged as a discipline to counter these threats, the report found that 62% of organizations have five or more key management systems, posing a challenge for PQC and crypto flexibility.
Comment
Sebastien Cano, senior vice president of cloud protection and licensing activities at Thales, comments, “Enterprises continue to face a serious threat landscape. Our findings indicate that good progress is being made in certain areas, including the adoption of MFA and the increased use of data encryption. However, there are still many security gaps in data transparency. In a world increasingly embracing the cloud, organizations need better control over their data so it can serve their stakeholders with greater security and confidence. As data sovereignty and privacy regulations tighten around the world, security teams need to be much more confident that they know where their data is stored and how it is being moved and used.”
More at Thalesgroup.com
About Thales
Thales (Euronext Paris: HO) is a global technology leader in aerospace, defense and digital identity and security. Our solutions help make the world safer, greener and more inclusive. We invest almost four billion euros annually in research and development and drive innovation in key areas such as quantum technology, cloud architectures, 6G and cybersecurity. With 77.000 employees in 68 countries, the group will generate sales of EUR 17.6 billion in 2022.