Among the findings: understaffed IT teams and a lack of cybersecurity expertise hinder financial organizations from protecting data in the cloud. The survey also confirmed that phishing – scams used to gain credit card numbers, Social Security information and other sensitive data – is the No. 1 cloud attack danger.
And why is the cloud such a target? “The biggest reason is the same as why the gangsters rob banks – because the money is there,” said Ilia Sotnikov, the Netwrix vice president of product management.
Sotnikov notes it’s difficult to even define what the cloud is, but he gives this rough summary:
“The cloud is someone else’s computer. You are using the computing power that someone else is hosting and running for you,” he told the Business Journal on April 8.
The 2021 Netwrix Cloud Data Security Report is based on feedback from 937 IT professionals worldwide who use private and public cloud services to store their data. The organizations surveyed include those in finance, education, government and healthcare.
Unplanned Expenses
“For 49% of respondents, security incidents didn’t result in any serious consequences. But 28% encountered unplanned expenses to fix security gaps, 11% had to pay compliance fines and 8% believe they lost their competitive edge,” according to the survey released late last month.
Sotnikov said companies are reluctant to disclose details of security breaches unless they have to. He pointed to one such incident that hit Twitter last year and was indirectly related to cloud usage.
“As more and more organizations move to cloud-based email, such as Google Workspace (formerly G Suite) and Microsoft Office 365, you can expect these attacks to proliferate in the cloud,” Sotnikov said.
According to the Netwrix report, the top 3 incident types were phishing (40%), ransomware (24%) and accidental data leakage (17%). Organizations surveyed experienced an average of 2.8 security incidents each in the cloud in the past 12 months.
Insider attacks and accidental data leakages “are the most difficult to detect when they happen,” according to the Netwrix executive.
“Fewer organizations are storing data in the cloud than last year. In 2019, 57% of respondents said they store non-sensitive data in the cloud; now only 46% do. The number storing customer data in the cloud dropped from 50% to 44%,” the report said.
Fish in a Barrel
Mike Gentile, chief executive of cybersecurity company Cisoshare in San Clemente, also sees huge vulnerabilities in the cloud.
“The most common thing we see right now is attacks on cloud infrastructures because people are dumping all kinds of information in them — without anyone knowing what is truly there,” Gentile told the Business Journal on April 2.
“They think the cloud provider is responsible for doing the security, which they are not, you are, and this is leading to simple configuration errors that leave data easy to steal,” Gentile added.
That makes it “like shooting fish in a barrel for attackers right now.”
Sebastian Igreti, chief executive of IT services, consulting and cybersecurity company TechMD in Santa Ana, says the threat is growing.
Small and mid-sized businesses “continue to be reluctant to invest in protecting themselves against cyberattacks,” Igreti told the Business Journal on April 2. “They have many other priorities and challenges to deal with, so the approach is often penny-wise, pound foolish when it comes to cybersecurity.
“Ransomware continues to be the biggest threat in the market and is evolving,” he said.
“Hackers have learned that it is much easier to trick an employee into clicking on a link than it is to hack their way into a network, so targeting employees is their primary focus.”
