Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months

June 5, 2020

Ermetic, cloud access risk security company, announced the results of a research study conducted by global intelligence firm IDC which found that nearly 80% of the companies surveyed had experienced at least one cloud data breach in the past 18 months, and nearly half (43%) reported 10 or more breaches.

According to the 300 CISOs that participated in the survey, security misconfiguration (67%), lack of adequate visibility into access settings and activities (64%) and identity and access management (IAM) permission errors (61%) were their top concerns associated with cloud production environments. Meanwhile, 80% reported they are unable to identify excessive access to sensitive data in IaaS/PaaS environments. In the recent 2020 Verizon Data Breach Investigations Report, only hacking ranked higher than misconfiguration errors as a source of data breaches.

“Even though most of the companies surveyed are already using IAM, data loss prevention, data classification and privileged account management products, more than half claimed these were not adequate for protecting cloud environments,” said Shai Morag, CEO of Ermetic. “In fact, two thirds cited cloud native capabilities for authorization and permission management, and security configuration as either a high or an essential priority.”

Driven by the dynamic and on-demand nature of public cloud infrastructure deployments, users and applications often accumulate access permissions beyond what is necessary for their legitimate needs. Excessive permissions may go unnoticed as they are often granted by default when a new resource or service is added to the cloud environment. These are a primary target for attackers as they can be used for malicious activities such as stealing sensitive data, delivering malware or causing damage such as disrupting critical processes and business operations.

Highlights of the Cloud Access Survey

As part of the study commissioned by Ermetic, IDC surveyed 300 senior IT decision makers in the US across the Banking (12%), Insurance (10%), Healthcare (11%), Government (8%), Utilities (9%), Manufacturing (10%), Retail (9%), Media (11%), Software (10%) and Pharmaceutical (10%) sectors. Organizations ranged in size from 1,500 to more than 20,000 employees. Some of the report’s key findings include:

79% of companies experienced at least one cloud data breach in the past 18 months, and 43% said they had 10 or more
Top three cloud security threats are security misconfiguration of production environments (67%), lack of visibility into access in production environments (64%) and improper IAM and permission configurations (61%)
Top three cloud security priorities are compliance monitoring (78%), authorization and permission management (75%), and security configuration management (73%)
Top cloud access security priorities are maintaining confidentiality of sensitive data (67%), regulatory compliance (61%) and providing the right level of access (53%)
Top cloud access security challenges are insufficient personal/expertise (66%), integrating disparate security solutions (52%) and lack of solutions that can meet their needs (39%)

A full copy of the report is available here: https://bit.ly/2MmZkDt.

Pandemics, Recessions and Disasters: Insider Threats During Troubling Times

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Industrial Cybersecurity: What Every Food & Bev Executive Needs to Know

ON DEMAND: There's a lot at stake when it comes to cybersecurity. Reputation, productivity, quality. Join us to discuss the future of your global security strategy and a path forward with trusted partners Cisco and Rockwell Automation, and turn your Food & Bev security challenges into strategic advantages that drive business value.

Poll

Who has ownership or primary responsibility of video surveillance at your enterprise?

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Nearly 80% of Companies Experienced a Cloud Data Breach in Past 18 Months

Related Articles

Related Products

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.