Many organisations were storing their data on the cloud even before the COVID-19 pandemic compelled them to go digital. However, the recent increase in cloud adoption has resulted in a rise in cyberattacks targeting cloud data, according to the 2021 Thales Global Cloud Security Study.
It found that a quarter of Australian (26%) and New Zealand (26%) businesses stored sensitive data in the cloud, while about half of respondents in Australia (51%) and New Zealand (43%) reported a cloud breach in the last year.
What's worse, 92% of Australian and 75% of New Zealand businesses still fail to encrypt half of the sensitive data they store in the cloud, raising concerns on the impact of cyberattacks.
Even when businesses encrypt their data in the cloud for protection, 33% of Australian and 28% of New Zealand organisations said they mostly leave the control of keys to service providers.
The COVID-19 pandemic brought a “ransomware-driven digital pandemic” as organisations go digital, according to a recent Allianz Global Corporate & Specialty's (AGCS) report, which revealed that the insurer received more than a thousand cyber claims overall in 2020, up from about 80 in 2016. Specifically, the number of ransomware claims (90) rose by 50% compared to 2019 (60).
Meanwhile, an Accenture report revealed that cyber intrusion activity worldwide jumped by 125% in the first half of 2021 compared to the same period in 2020, and IBM's X-Force Threat Intelligence Index, published in August 2021, warned that 23% of cyberattacks are directed at financial institutions.
Brian Grant, ANZ director at Thales, said it is no longer “if a cyberattack occurs, but “when” – highlighting the importance of a robust security strategy.
“A robust security strategy is essential to ensuring data and business operations remain secure. With nearly every business reliant on the cloud to some extent, it is vital that security teams have the ability to discover, protect, and maintain control of their data,” Grant said.
Regarding how to proactively protect data in the cloud, Fernando Montenegro, principal research analyst, information security at 451 Research, part of S&P Global Market Intelligence, advised organisations to prioritise customer data while reviewing their strategies.
“This includes understanding the role of specific technologies including encryption and key management, as well as the shared responsibilities between providers and their customers,” Montenegro added. “As data privacy and sovereignty regulations grow, it will be paramount that organisations have a clear understanding of how they remain responsible for data security and make clear decisions about who is in control and who can access their sensitive data.”