Human Error the Leading Cause of Cloud Data Breaches

Around two in five (39%) businesses experienced a data breach in their cloud environment in 2022, a rise of 4% compared with 2021, a new report has found.

The 2023 Thales Global Cloud Security Study, which surveyed nearly 3000 IT and security professionals across 18 countries, also revealed a dramatic increase in sensitive data stored in the cloud in 2022 compared to the previous year. Three-quarters (75%) of respondents said that more than 40% of data stored in their organizations’ cloud environments was ‘sensitive.’ This compared to 39% of businesses in 2021.

Targeting the Human Factor

The leading cause of cloud data breaches was human error, at 55%, according to the report. This was significantly above the next highest factor identified by respondents (21%), which was exploitation of vulnerabilities.

The targeting of users to infiltrate cloud networks is also a trend being observed by cybersecurity company Proofpoint. Matt Cooke, Cybersecurity Strategist at Proofpoint, told Infosecurity: “Attackers realize that people and their accounts are still the vulnerability. And it actually doesn’t matter now where that person is because everyone’s pretty much using the same tools. For example, everyone’s got a Microsoft 365 account.”

Proofpoint’s 2023 Human Factor report found that 94% of monitored cloud tenants were targeted by either precision or brute-force attacks in any given month. Of these tenants, 62% were successfully attacked.

“From an attacker’s perspective, if you’ve got a list of usernames and passwords and you think they might belong to a particular company, why would you not try them against those accounts? We see that going on quite significantly,” commented Cooke.

App-Based Threats

The Thales report highlighted a 41% rise in SaaS usage from 2021 to 2023, with these applications increasingly replacing on-premises application functionality. Over half of cyber professionals (55%) said this expansion has made it more complex to secure data in the cloud.

Additionally, the respondents ranked SaaS apps as the most targeted area for attacks (38%) in 2022, followed by cloud storage (36%).

Proofpoint’s Cooke also highlighted apps as a key area in cloud security. He outlined a growing trend of malicious third-party applications being connected to organizations’ cloud accounts. Here, attackers trick users into granting permissions to malicious OAuth apps, giving them access to the user’s legitimate cloud services.

“You get the pop-up from the app asking for permission to your account, which was probably verified when it was installed,” explained Cooke. “At some point it was turned into a malicious app and that malicious app then has full access to the account, from there leading to an account takeover.”

Multi-Cloud Complexity

Another trend identified in the Thales 2023 Global Cloud Security Study was the continuing surge of multicloud adoption, with 79% of organizations surveyed having more than one cloud provider in 2022.

Chris Harris, EMEA Technical Associate Vice President, Data Security at Thales, told Infosecurity that multicloud environments have created more cybersecurity difficulties for organizations, as there are multiple security controls and data protection models to understand and implement.

“Discrepancies in configuration and compatibility can mean gaps can emerge, increasing the risk of a breach or intrusion by a malicious actor,” he outlined. “It makes it all the more important to reconsider the cybersecurity measures that are in place as an organization moves critical data into multicloud environments, as those solutions that might have worked in a world where everything was kept in on-premises environments are likely no longer sufficient.”

Measures for Organizations

According to the research, just 22% of respondents in the study reported that 60% or more of their cloud data is encrypted. Additionally, on average, only 45% of sensitive data stored in the cloud is encrypted.

Thales highlighted a number of factors that may explain the low levels of encryption, including a lack of understanding of specific cloud encryption operations and concerns about limiting developer productivity. Harris noted that organizations need to take new approaches to encryption due to the additional complexities caused by multi-cloud environments.

“In a multi-cloud world, organizations need to find ways to centrally manage the encryption keys that are used to manage access across their infrastructure — whether that’s on-premises or in the cloud,” he explained.

The report also emphasized the importance of increasing strong multifactor authentication (MFA) adoption to secure cloud data access, which was implemented by 65% of respondents.

Proofpoint’s Cooke agreed that MFA is a vital measure in cloud security, but warned organizations not to see it as a “silver bullet,” with cyber-threat actors becoming increasingly adept at MFA bypass techniques.

Another important security approach is continuous monitoring of attempts to target users, according to Cooke. “We recommend that organizations use tools that help them identify suspicious logins and behaviors within the cloud platforms,” he said. 