15 months after panicked migrations to the Cloud and remote-working arrangements, is the world handing the increase in cybercrime well?

More than a year into the pandemic-driven need to switch to remote-working and hybrid working models, many businesses still remain concerned about the security risks associated with the practice.

This is just one of the key insights from a Feb 2021 study commissioned by European technology group Thales across more than 2,600 executives with responsibility for or influence over IT and data security in 16 countries across healthcare, financial services, retail, technology, and federal government.

The study concludes that managing security risks is undoubtedly getting more challenging among its respondents, with 47% of businesses seeing an increase in the volume, severity, and/or scope of cyber-attacks in the past 12 months.

Attacks on the rise

Of respondents who ever experienced a breach, 41% said it had happened in the last year. This is compared to 21% in 2019. Other findings include:

  • Globally, 54% of attacks were malware, comprising the leading source of security attacks, followed by ransomware (48%), and phishing (41%).
  • 35% of respondents stated that malicious insiders were the greatest risks to their organization. For human error and external attackers, the figures were 31% and 22% respectively.
  • 46% of respondents reported that their security infrastructure was not prepared to handle the increased cybersecurity risks. Only 20% of organizations believe they were ‘very prepared’.
  • 61% of retailers surveyed experienced a breach or failing an audit involving data and applications stored in the cloud in the past year—the most of any industry surveyed. The same fate affected legal (57%), call centre (55%), transportation (54%), and telecommunications (52%) sectors in the past 12 months.
  • 50% of respondent businesses reported that more than 40% of their data was stored in external cloud environments. Despite this, only 17% of business respondents had encrypted at least half of their sensitive data stored in the cloud. On top of this, 45% of respondents were using at least two Platform as a Service providers and/or two Infrastructure as a Service providers. Some 27% of businesses in the survey were currently using more than 50 Software-as-a-Service apps.

Commented Sebastien Cano, the firm’s Senior Vice President for Cloud Protection and Licensing activities: “Over the last year teams across the globe have faced huge security challenges as companies accelerated their digital transformation and cloud adoption initiatives. When migrating to multicloud solutions, data management can quickly spiral out of control. Organizations not only risk losing track of where their data is stored across multi-cloud environments but also fail to protect sensitive data in the cloud. With once unprecedented amounts of data now being used and stored in the cloud, it is vital that businesses deploy a robust security strategy based on data discovery, protection and control.”

The road ahead for Zero Trust

Companies in the study recognized the issues they were facing and were attempting to address them with Zero Trust strategies. Some 76% of respondents’ cloud strategy reportedly relied to some degree on this type of security.

Almost half (44%) of respondents selected Zero Trust network access (ZTNA)/software-defined perimeter (SDP) as the technology to invest in during the pandemic. This was followed by cloud-based access management (42%) and conditional access (41%). Finally, 30% of global respondents claimed to have a formal Zero Trust strategy, while those with a formal Zero Trust strategy were less likely to also report having been breached.

However, despite businesses making moves to stop current threats, worries were growing about future challenges. Looking ahead, 85% of global respondents were concerned about the security threats of quantum computing, a threat arguably exacerbated by the increasing complexity of cloud environments.