Why Are Cloud Data Breaches Up by More Than a Third

Cloud Data Breaches Are Up By 36% for 3 Reasons

After the chaotic events of 2020 and the sudden shift to remote work, anyone who isn’t already in the cloud data market is rethinking their stance. Companies discovered exactly why maintaining operational flexibility while improving cyber resilience is critical to the success of today’s businesses. But now, with cloud adoption accelerating and the scale of cloud environments burgeoning, engineering and security teams say that specialized risk and the costs of addressing the dynamics of a potential cloud data breach are also on the rise – especially in three crucial areas. 

Problems Don’t Float Away in the Cloud  

In the recently released survey “The State of Cloud Security 2021” conducted by Fugue and Sonatype, researchers spoke with 300 cloud professionals including cloud engineers, security engineers, DevOps specialists and security architects to gauge the level of risk associated with cloud data hosting as well as the major pain points that were keeping them from improving cloud security. By far the biggest takeaway is the fact that 36% of organizations surveyed suffered a serious data security incident like cloud data breach in the past 12 months.  

An increasingly dangerous cybercrime landscape makes that deeply concerning for anyone who is using cloud data technology. The reasons that IT professionals are pointing to as the culprit for many of those breaches are concerning as well because they’re nothing extraordinary. The vast majority were not caused by criminal hacking or cybercrime sources at all. Instead, these companies suffered a data breach or leak in their cloud environment because of a laundry list of avoidable misconfiguration and personnel issues that ultimately led to disaster. 

The Primary Causes of Cloud Data Breaches 

The IT professionals surveyed had plenty of targets to point fingers at as influences of a possible cloud data breach and none of them are cybercriminal hackers.

  • 32% say too many APIs and interfaces to govern  
  • 31% cite lack of adequate controls and database oversight 
  • 27% point to lack of policy awareness around data security
  • 23% blamed old-fashioned negligence   
  • 21% said they are not checking Infrastructure as Code (IaC) prior to deployment 
  • 20% admitted that their IT team oversight is at fault 

The 3 Biggest Blockers to Reducing Cloud Data Security Risk 

That’s not just a 2020 one-off either. Cloud data security is just as risky in 2021 and that risk is rising. In fact, researchers discovered that eight out of ten are worried that they’re vulnerable to a major cloud data security incident. Three major pitfalls stand between businesses and better cloud data security, but all of them can be mitigated.    

Human Error 

It should be no surprise that human error tops the list of cloud data security pitfalls. After all, it tops every other list of cybersecurity blunders. Almost 40% of the IT professionals surveyed cited human error as the culprit for a could data breach or leak in their organization. Training challenges are a big factor here, even when it comes to the training of the IT teams managing the nuts and bolts of the cloud data environment – 35% of the professionals surveyed cited challenges around sufficiently training their cloud teams on security as a major pain point. 

This tracks with the data delivered in the 2021 Cost of a Data Breach Report by Verizon and the Ponemon Institute. Unforced errors were to blame for many expensive cloud data breach disasters. The human element was the cause behind 85% of data breaches. Diving deeper, the number one reason that was presented for most cloud data breaches is misconfiguration, which is almost inevitably the result of a preventable circumstance like insufficient personnel, overburdening, deficiencies in training and bad cybersecurity hygiene.  

Resource Scarcity 

The demand for cloud security experts is strong and rising as it continues to outpace supply. Companies are definitely in the market for low to mid-level security personnel with cloud security experience, but that market is extremely competitive, leading to staffing shortfalls. The need for experienced engineering, management and architecture personnel is especially large and equally as problematic. Experts estimate that we’re experiencing a 3.12 million worker shortage of skilled information security workers and that number is expected to rise.   

 It’s a chronic problem that haunts IT leaders – in a recent security survey, 36% of them cited ongoing challenges in hiring and retaining the skilled, experienced cloud security personnel that they need to keep their cloud environments operating efficiently and safely. That opens every one of their organizations up to a cascade of risk as it combines with other factors like sky-high third party and supply chain risk to spell disaster. It’s not getting better either – 95% of the surveyed executives said that instead of improving even incrementally, the skills shortage (and the subsequent hiring problems that it creates) have stayed the same or gotten worse over the past few years. 

Overburdened Teams 

Overburdening is a chronic problem in IT and it is often especially burdensome to cybersecurity teams. In a study of IT team challenges, overwork, burnout and retention issues were overwhelmingly cited as the biggest pain point for corporate IT leaders. Many IT leaders are also frustrated with how their companies are addressing the issue. Although they feel that they’ve consistently raised the alarm, almost 60% of respondents said they do not believe their organizations are taking it seriously or doing enough to alleviate pressure on their overburdened IT teams, leading to more human error or training-related data security incidents.  

That’s not surprising, especially after the rollercoaster ride of 2020. An estimated 85% of CISOs admit they sacrificed cybersecurity to quickly enable employees to work remotely. The result of that sacrifice was frequently unduly stressed company IT teams, expensive security incidents and phishing-related disasters like ransomware coming to call. . Perennial problems that stem from that overburdening are direct contributors to a company’s risk for a cloud data breach. The two biggest culprits that IT leaders cited were alert fatigue (21%) and false positives (27%). 

Blunt the Impact of These Pain Points with Sensible Solutions 

The ID Agent digital risk protection platform offers every organization help in dealing with these problems, as these businesses discovered. Our solutions address operational issues as well as constantly rising cybercrime risk, enabling companies to get twice as much value out of security expenditures. That value doesn’t just stop at the point of purchase – we’re constantly innovating to keep you a step ahead of cybercriminals while improving your IT team’s quality of life. 

  • Passly includes an array of identity and access management tools cited by experts as key security moves that add immediate protection against human error disasters. Your savings and benefits begin immediately with robust functionality. Essentials like multifactor authentication and single sign-on make remote management and access control easy. Automated password resets will make your IT team happy and give them more time. 
  • Dark Web ID enables you to get a clear picture of your company’s credential compromise threats from dark web sources. Our 24/7/365 always-on monitoring alerts businesses to credentials appearing on the dark web that may have been stolen or phished to mitigate the risk of bad actors using a stolen password to gain access to your systems and data. Automated alerts and reporting means that your team doesn’t need to spend time staring at a dashboard or pulling reports. 
  • BullPhish ID improves your staff’s security awareness and increases phishing resistance. But they’ll learn about much more than just phishing including compliance, password safety, security hygiene and more, giving every employee a solid grounding in cybersecurity pitfalls and best practices. Choose from our plug-and-play complete training modules and phishing simulations or customize the content to reflect the unique industry risks that employees face daily. 
  • See them in action in these short demonstration videos

The ID Agent digital risk protection platform has the strong solutions that every business needs to protect their systems and data from today’s biggest threats. Contact our solutions experts today to learn how your business can benefit and receive a free, personalized demonstration.