Cloud Service Adoption Leads to More Data Breaches

Cloud Service Adoption Leads to More Data Breaches

The growing use of cloud services and the lack of visibility into sensitive information in the cloud can result in more damaging or costly data breaches.

That’s according to a Netskope study conducted in partnership with Ponemon Institute. The survey found that when respondents were asked to estimate the likelihood of a data breach, they said that the growing use of cloud services (SaaS) and the increase in backup and storage of confidential data in the cloud is most likely to cause a data breach in the cloud.

Almost 90% believe an increase of cloud services usage of 50% within the next year will increase the probability of a data breach. The same percentage agree a 50% increase in backup and storage of sensitive information in the cloud would also increase the probability of a data breach.

Early cloud adopters are still skeptical: Only a third believe their cloud service providers enable security technologies to protect and secure sensitive or confidential information, and only 37% believe cloud apps are in full compliance with privacy and data protection regulation and law. 

It turns out that they have good reason to be skeptical: For companies that did experience a data breach in the last year (31%), 48% say it was the user who exposed data intentionally or accidentally from a cloud service. However, a quarter don’t have any idea how the breach occurred, and 30% could not determine what data were lost or stolen.

Of those organizations that do inspect the cloud for malware, 57% of respondents say they found malware in the cloud.

“These data confirm that while cloud adoption is very much on the rise, organizations still lack confidence in the cloud’s ability to protect sensitive information,” said Sanjay Beri, founder and CEO, Netskope. “With the rise of cloud threats like accidental data exposure, malware and ransomware aimed at exfiltrating data and extracting financial gain from sensitive data, IT teams need more robust intelligence, protection, and remediation to protect their data from breach or loss.”

Companies also were asked to estimate the cost of data breaches involving the loss of 100,000 or more customer records within the last 12 months. They calculated a customer information breach would have cost them almost $20 million in the past year, taking into consideration the cost of remediation and technical support, lost business opportunities and lost productivity because of downtime.

The largest cost (40%) is damage to reputation and brand, with companies estimating a spend of $7.68 million. Cleanup and remediation spend was approximately $3.85 million, while damage or theft of IT assets and infrastructure accounted for just under a million dollars per year.

For a data breach associated with IP vs. customer records, damage to reputation and brand value again represents the largest estimated data breach cost component, at $5.66 million, nearly half (44%) of the total estimated cost of $12.80 million. More than half (54%) believe there is more than a 10% chance of an IP-related data breach happening in the next year.

Although respondents said that they believe that there’s a cloud multiplier effect—i.e., more cloud, more breaches—the majority of enterprises have not (or do not know if they have) inspected their cloud services for malware.

The findings also reveal that while 49% of business applications are now stored in the cloud, fewer than half of them are known, officially sanctioned or approved by IT. While respondents understand the risk of data breaches, nearly a quarter could not determine if they had been breached, and nearly a third couldn’t determine what types of data were lost in the breach(es).

And given the high percenage that don’t even monitor, more than one-third (34%) likely have malware in their clouds but don’t know it.

“Considering that Netskope research estimates that less than 5% of cloud services are sanctioned, it is unlikely [that] respondents are inspecting all potential services (sanctioned and unsanctioned), raising the possibility that the portion of cloud services that contains malware is even larger,” the report noted.

Photo © everything possible

Source: Information Security Magazine