Nearly All Cloud Breaches Down To Humans – Kaspersky Lab

Tom Jowitt,
identity deception fraud social engineering security © Shutterstock

We pesky humans are responsible for 90 percent of cloud data breaches, with social engineering a major concern

Humans are to blame for a clear majority of all cloud breaches, security specialist Kaspersky Lab has warned.

In its report, the firm found that social engineering of staff accounted for 90 percent of data breaches in the cloud.

Security problems associated with staff is nothing new however. Four years ago in 2015 for example, human error was identified as the leading cause of data losses for businesses in the UK, a Databarracks study found.

Corporate breaches

The Kaspersky Lab study of corporate breaches meanwhile found that cloud providers, are not the cause for most breaches, despite any perception otherwise.

While cloud providers are expected by companies to be responsible for the safety of data stored on their cloud platforms, it is often down to company staff when breaches occur.

Kaspersky Lab found that around 90 percent (SMBs 88 percent, enterprises 91 percent) of all corporate data breaches in the cloud happen due to social engineering techniques targeting customers’ staff, not because of problems caused by the cloud provider.

Kaspersky Lab also found that at least a third of both SMB and enterprise companies (35 percent SMB and 39 percent enterprise) are concerned about incidents affecting IT infrastructure hosted by a third party.

This can include cloud infrastructure continuity and the security of corporate data.

Despite corporate management fretting about the cloud, the clear message from the Kaspersky study is that corporates need to look closer to home.

It found that a third of incidents (33 percent) in the cloud are caused by social engineering techniques affecting employee behaviour, while only 11 percent can be blamed on the actions of a cloud provider.

And it seems that many corporates using cloud services fail to adjust their security policies correctly.

Only 39 percent of SMBs and half (47 percent) of enterprises have implemented tailored protection for the cloud.

“The first step for any business when migrating to public cloud is to understand who is responsible for their business data and the workloads held in it,” said Maxim Frolov, VP of global sales at Kaspersky Lab.

“Cloud providers normally have dedicated cybersecurity measures in place to protect their platforms and customers, but when a threat is on the customer’s side, it is no longer the provider’s responsibility,” Frolov said. “Our research shows that companies should be more attentive to the cybersecurity hygiene of their employees and take measures that will protect their cloud environment from the inside.”

Educate, educate

Kaspersky Lab advises cloud using customers to take the following steps.

Firstly, explain to staff that they can become victims of cyberthreats. Staff should be educated so as to not click on links or open attachments in communications from unknown users.

Secondly, staff should also be educated about unapproved use of cloud platforms, and procedures should be created for purchasing and consuming cloud infrastructure for each department.

Kaspersky Lab unsurprisingly also advise that corporates use endpoint security solution to prevent social engineering attack vectors. This means protecting mail servers, mail clients and browsers.

Do you know all about security? Try our quiz!