More than one in two organizations that store customer data in the cloud experienced security breaches in 2020, a new study found.
The high incident rate has prompted more than 60 percent of organizations to remove sensitive material from the cloud if they haven’t already done so, Netwrix said in its newly released 2021 Netwrix Cloud Data Security Report surveying 937 IT professionals worldwide using private and public cloud services to store their data.
In 2020, insider data theft negatively impacted company valuation (33%), the Irvine, California-based data security provider said. By comparison, external hacking led to customer churn (35%) and loss of competitive edge (35%). The survey also found that the most common types of cloud security incidents were phishing (40%), ransomware or other malware (24%), and accidental data leakage (17%). More than half of the study’s participants said that additional budget was needed to fix security gaps that led to the security incidents.
In terms of data security challenges, a shortage of IT staff was cited by 52 percent of the survey’s respondents followed by constricted budget (47%) and lack of cloud security expertise (44%).
“These hardships force security teams to operate in the ‘new day, new breach’ reality,” said Ilia Sotnikov, Netwrix product management vice president. “To identify, detect and protect against threats in the cloud continuously, organizations should invest in solutions that help prioritize risks and automate security routines, such as tools that provide data discovery, activity auditing and alerting,” he said. “That way, security teams can better manage risks, respond to the attacks promptly and minimize negative business outcomes.”
Additional survey findings include:
- 48 percent of CISO participants said their organization’s growth objectives hinder proper data security in the cloud.
- 85 percent of CISOs said they sacrificed cybersecurity to quickly enable employees to work remotely.
- Encryption (62%), auditing of user activity (58%) and employee training (58%) are the most popular cloud security controls organizations deploy.
- The majority of respondents either already classify sensitive data in the cloud (49%) or plan to implement it in the future (31%).
- One in 10 large enterprises (1,000+ employees) hit by a cloud data breach in 2020 changed their senior leadership.
- 5 percent of respondents that experienced cloud data theft by hackers needed years to detect it, the only incident type taking that long to spot.
- Organizations that both classify data and audit user activity are 1.5 times more likely to discover incidents in the cloud in minutes.