Organisations doing too little to protect sensitive cloud data, study finds

Thales’ new study on security trends suggests that as little as 17% of organisations encrypt at least half of their sensitive data.

As it turns out, although a half of organisations surveyed store over 40% of their data in the cloud, only 17% make an effort to encrypt at least a half of data that is of sensitive nature.

This alone is reason for concern, but as luck would have it, regulated industries appear to be taking the matter more seriously as indicated by the Thales 2021 Data Threat Report.

According to its findings, 33% of healthcare respondents claim to be encrypting their data.

Ted Driggs, head of product at ExtraHop chimed in, and he believes mitigating cloud-related data breaches via data encryption is only one piece of the overall puzzle.

His standpoint is that encryption, although an important part of the overall security strategy, is not enough and that organisations need to do more to hold their own against sophisticated attacks.

While encryption remains an integral part of cloud security, real-time threat detection and response is not to be left out of the equation.

Kevin Kennedy, vice president at Vectra, would like to emphasise that attackers love the cloud due to its ability to storing critical data in an environment that is easy to access.

In this regard, the Vectra research findings are clear: Office 365 account takeovers have become the number one threat vector in cloud environments.

Furthermore, Verizon Data Breach Investigations Report suggests that account takeovers play a role in 77% of all cloud breaches.

Other top threats are:

  • Misconfiguration of production environments
  • Improper IAM and permission configurations

Once the attackers find their way in, their presence may remain undetected.

Due to this, Kennedy highlights the importance of detection methods rather than relying on prevention alone.