- Security TWENTY
- Women in Security
Incidents in public cloud infrastructure are more likely to happen because of a customer’s employees rather than actions carried out by cloud providers. That is according to a cyber security product company. Companies expect cloud providers to be responsible for the safety of data stored on their cloud platforms. However, most – 88 per cent of SMBs and enterprises 91 pc – of corporate data breaches in the cloud happen due to social engineering techniques targeting customers’ employees, not through the provider, according to a new Kaspersky Lab report –‘Understanding security of the cloud: from adoption benefits to threats and concerns’.
Cloud adoption lets users have more agile business processes, reduced CAPEX and faster IT provision. However, they also worry about cloud infrastructure continuity and the security of data. At least a third of both SMB and enterprise companies (35pc SMB, and 39pc enterprise) are concerned about incidents affecting IT infrastructure hosted by a third party. An incident can make the benefits of cloud redundant and lead of commercial and reputational risks.
Even though users are primarily worried about the integrity of external cloud platforms, they are more likely to be affected by weaknesses far closer to home, suggests Kaspersky. A third of incidents (33pc) in the cloud are caused by social engineering techniques affecting employee behaviour, while only 11pc can be blamed on the actions of a cloud provider.
The survey suggests there is still room for improvement to ensure adequate cybersecurity measures are in place when working with third parties. Only 39pc of SMBs and near half (47pc) of enterprises have implemented tailored protection for the cloud. This may be the result of businesses largely relying on a cloud infrastructure provider for cybersecurity. Or, Kaspersky adds, they could have false confidence that standard endpoint protection works smoothly within cloud environments without diminishing the benefits of cloud.
Maxim Frolov, Vice President of Global Sales at Kaspersky Lab said: “The first step for any business when migrating to public cloud is to understand who is responsible for their business data and the workloads held in it. Cloud providers normally have dedicated cybersecurity measures in place to protect their platforms and customers, but when a threat is on the customer’s side, it is no longer the provider’s responsibility. Our research shows that companies should be more attentive to the cybersecurity hygiene of their employees and take measures that will protect their cloud environment from the inside.”