Cloud resources top targets for cyber-attacks in 2024 Thales study

Cloud resources have emerged as the primary targets for cyber-attacks, according to the 2024 Thales Cloud Security Study. The report, based on a survey of nearly 3,000 IT and security professionals from 18 countries, provides insights into the latest cloud security threats, trends, and risks.

Key findings from the study indicate that nearly half (47%) of all corporate data stored in the cloud is sensitive. Moreover, 44% of the organisations surveyed have experienced a cloud data breach, with 14% reporting an incident within the past year. The study also found that nearly a third (31%) of organisations view digital sovereignty initiatives as crucial for future-proofing their cloud environments.

The report highlights that Software as a Service (SaaS) applications (31%), Cloud Storage (30%), and Cloud Management Infrastructure (26%) are the most frequently targeted areas of attack. With the increasing use of cloud environments, these areas are now a higher priority for security measures than other traditional security disciplines.

Human error and misconfiguration remain the leading causes of cloud data breaches, accounting for 31% of incidents. This is followed by the exploitation of known vulnerabilities (28%) and the failure to use Multi-Factor Authentication (17%). Despite these vulnerabilities, only a small percentage of enterprises encrypt the majority of their sensitive cloud data, with less than 10% encrypting 80% or more of such information.

As cloud usage continues to grow, the potential attack surface expands. The study notes that 66% of organisations use more than 25 SaaS applications, contributing to the increased vulnerability. The need for effective cloud protection is, therefore, more critical than ever for maintaining data security and privacy.

Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales, emphasised the importance of managing cloud security: “The scalability and flexibility that the cloud offers is highly compelling for organisations, so it’s no surprise it is central to their security strategies. However, as the cloud attack surface expands, organisations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it’s being used. It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research.”

The study also reveals that as organisations gain more experience with cloud computing, they are modernising their investments to address new security challenges. For those prioritising digital sovereignty, the primary strategy is refactoring applications to logically separate, secure, store, and process cloud data. This approach is preferred over measures such as repatriating workloads back to on-premises or in-territory data centres. Future-proofing cloud environments was cited as the main driver behind digital sovereignty initiatives by 31% of respondents, with compliance and regulatory adherence coming in second at 22%.

The findings from the 2024 Thales Cloud Security Study underscore the evolving landscape of cloud security and the growing importance of implementing robust measures to protect sensitive data. As organisations continue to adopt and integrate cloud technologies, addressing security challenges remains a critical priority for maintaining information integrity and compliance with emerging digital sovereignty requirements.