‘Social Engineering Techniques’ Behind Cloud-related Data Breaches
You might have heard about cloud-related breaches majorly attributed to cloud service providers!
But that’s not the case all time! Kaspersky Lab has come up with some interesting revelations in its latest report titled ‘Understanding security of the cloud: from adoption benefits to threats and concerns’.
The report says 10 out of 9 breaches in the cloud are caused by human errors, and not cloud providers.
Around 90% (SMBs (88%) and enterprises (91%)) of corporate data breaches in the cloud happen due to social engineering techniques targeting customers’ employees, not because of problems caused by the cloud provider.
The study reports majority of such cases in public cloud infrastructure.
While the cloud adoption is on the rise across organizations of all sizes, majority of the companies are worried about continuity and security with the cloud, the report adds.
Nearly, one-third of both SMBs (35%) and enterprise firms (39%) are concerned about incidents affecting IT infrastructure hosted by a third party.
Besides impacts from external service providers, organizations stand in proximity to unexpected incidents in the cloud occurring on their side.
Around 33 percent of incidents in the cloud are attributed to social engineering techniques that are found to change employee behavior, while only 11 percent are from cloud providers.
Scope for Cybersecurity
The report recommends organizations to focus more on cybersecurity measures in working with third parties.
“Only 39% of SMBs and 47% of enterprises have implemented tailored protection for the cloud. This may be the result of businesses largely relying on a cloud infrastructure provider for cybersecurity,” the report adds.
Here are some important recommendations that Kaspersky Lab makes to firms on data security in cloud:
- Make employees aware about the possibility of they being threat, either by accessing unwanted links, attachments, etc. from unknown users
- Awareness on risk of the unapproved use of cloud platforms
- Build endpoint security to avoid attacks through social engineering with protection to emails, servers, browsers, etc.
- Have a dedicated cloud cybersecurity solution along with a unified management console for security across all cloud platforms
- Allow automatic detection of cloud hosts as well as auto-scale the roll out of protection to each one
“The first and foremost step while migrating to the cloud is to consider the security of business data and related workloads. Our research shows that companies should be more attentive to the cybersecurity hygiene of their employees and take measures that will protect their cloud environment from the inside,” says Maxim Frolov, Vice President of Global Sales at Kaspersky Lab.
Want to check Veritis Cloud Disaster Recovery Offering?