Nearly All Cloud Breaches Down To Humans – Kaspersky Lab

Humans are to blame for a clear majority of all cloud breaches, security specialist Kaspersky Lab has warned.

In its report, the firm found that social engineering of staff accounted for 90 percent of data breaches in the cloud.

Security problems associated with staff is nothing new however. Four years ago in 2015 for example, human error was identified as the leading cause of data losses for businesses in the UK, a Databarracks study found.

Corporate breaches

The Kaspersky Lab study of corporate breaches meanwhile found that cloud providers, are not the cause for most breaches, despite any perception otherwise.

While cloud providers are expected by companies to be responsible for the safety of data stored on their cloud platforms, it is often down to company staff when breaches occur.

Kaspersky Lab found that around 90 percent (SMBs 88 percent, enterprises 91 percent) of all corporate data breaches in the cloud happen due to social engineering techniques targeting customers’ staff, not because of problems caused by the cloud provider.

Kaspersky Lab also found that at least a third of both SMB and enterprise companies (35 percent SMB and 39 percent enterprise) are concerned about incidents affecting IT infrastructure hosted by a third party.

This can include cloud infrastructure continuity and the security of corporate data.

Despite corporate management fretting about the cloud, the clear message from the Kaspersky study is that corporates need to look closer to home.

It found that a third of incidents (33 percent) in the cloud are caused by social engineering techniques affecting employee behaviour, while only 11 percent can be blamed on the actions of a cloud provider.

And it seems that many corporates using cloud services fail to adjust their security policies correctly.

Only 39 percent of SMBs and half (47 percent) of enterprises have implemented tailored protection for the cloud.

“The first step for any business when migrating to public cloud is to understand who is responsible for their business data and the workloads held in it,” said Maxim Frolov, VP of global sales at Kaspersky Lab.

“Cloud providers normally have dedicated cybersecurity measures in place to protect their platforms and customers, but when a threat is on the customer’s side, it is no longer the provider’s responsibility,” Frolov said. “Our research shows that companies should be more attentive to the cybersecurity hygiene of their employees and take measures that will protect their cloud environment from the inside.”

Educate, educate

Kaspersky Lab advises cloud using customers to take the following steps.

Firstly, explain to staff that they can become victims of cyberthreats. Staff should be educated so as to not click on links or open attachments in communications from unknown users.

Secondly, staff should also be educated about unapproved use of cloud platforms, and procedures should be created for purchasing and consuming cloud infrastructure for each department.

Kaspersky Lab unsurprisingly also advise that corporates use endpoint security solution to prevent social engineering attack vectors. This means protecting mail servers, mail clients and browsers.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Hackers Steal Data From Louis Vuitton Korea

Louis Vuitton South Korea unit says hackers broke into systems, accessed customer data in second…

17 hours ago

Hitachi Energy Says AI Power Spikes Threaten Stability

Hitachi Energy says no other industry would be allowed the extremely volatile power use typical…

17 hours ago

EU Says AI Act Will Proceed Despite Critricism

European Commission says AI Act provisions will come into force in August and next year…

18 hours ago

Google AI Overviews Face EU Antitrust Complaint

Groups representing publishers and advertisers file complaints saying AI Overviews abuse Google's dominant position in…

18 hours ago

Apple China Sales Grow For First Time In Two Years

Apple iPhone sales grow in China for first time in two years after discounts, but…

19 hours ago

Synopsys, Cadence Shares Surge After EDA Controls Lifted

Synopsys, Cadence see shares rise sharply after US lifts restrictions on export of chip design…

19 hours ago