sb-as logo
Story image

Enterprise at tipping point, says Symantec

Enterprises are struggling to keep up with the rapid expasion of cloud within their business, according to new research from Symantec. 

The new research, Symantec’s Cloud Security Threat Report, surveyed more than 1200 security decision makers across the globe and uncovered insights on the shifting cloud security landscape, finding enterprises have reached a tipping point.

The survey found more than half (53%) of all enterprise compute workload has been migrated to the cloud. However, security practices are struggling to keep up – over half (54%) of enterprises indicate their organisation’s cloud security maturity is not able to keep up with the rapid expansion of cloud apps.

“The adoption of new technology has almost always led to gaps in security, but we’ve found the gap created by cloud computing poses a greater risk than we realise, given the troves of sensitive and business-critical data stored in the cloud," says Nico Popp, senior vice president, Cloud & Information Protection, Symantec. 

"In fact, our research shows that 69% of organisations believe their data is already on the Dark Web for sale and fear an increased risk of data breaches due to their move to cloud," he says. 

Popp says data breaches can have a clear impact on enterprises’ bottom line, and security teams are desperate to prevent them. 

"However, our 2019 CSTR shows it’s not the underlying cloud technology that has exacerbated the data breach problem – it’s the immature security practices, overtaxed IT staff and risky end-user behaviour surrounding cloud adoption," he explains.

The report found that security modernisation isn’t keeping pace with the cloud.

"Companies are struggling to modernise their security practices at the same pace that they adopt cloud," Popp says. 
Seventy three percent experienced a security incident due to immature practices, the report found. Lack of visibility into cloud workloads is the leading cause – an overwhelming majority of survey respondents (93%) report issues with keeping tabs on all cloud workloads. 

For example, Symantec’s research found that while companies estimate they use 452 cloud apps on average, the actual number is nearly four times higher, at 1,807. 

As a result of these immature practices, including poor configuration or failing to use encryption or multi-factor authentication (MFA), enterprises are facing an increased risk of insider threats – ranked by respondents as the third biggest threat to cloud infrastructure. CSTR data shows that 65% of organisations fail to implement MFA in IaaS configurations and 80% don’t use encryption.

The report summised that complexity is taking a toll.

With cloud adoption introducing increased complexity in how IT is deployed – now across public cloud, private cloud, hybrid, on-prem – and where data needs to be secured, IT teams are becoming overtaxed, Symantec says. 

Given this, Popp says it’s not surprising that the CSTR revealed 25% of cloud security alerts go unaddressed. A majority (64%) of the security incidents occur at the cloud level, and more than half of respondents admit they can’t keep up with security incidents. 

What’s more, says Popp, is that the future looks foggy – 83% feel they do not have processes in place to be effective in acting on cloud security incidents.

Symantec says risky behaviours run rampant.

One of the biggest challenges for security teams attempting to get a handle on the cloud is rampant risky user behaviour. 

According to CSTR respondents, nearly one in three employees exhibit risky behaviour in the cloud, and Symantec’s own data shows 85% are not using best security practices. 

As a result of these risky behaviours, sensitive data is frequently stored improperly in the cloud, making enterprises more susceptible to breach; 93% of CSTR respondents say oversharing is a problem, estimating that more than a third of files in the cloud should not be there. 

Additionally, the cloud is not immune to the risky behaviour that plagued past technologies – respondents report users with weak passwords (37%) using poor password hygiene (34%), using unauthorised cloud apps (36%), and connecting with personal devices (35%) as common risky behaviour.

The way forward

While the cloud has introduced new efficiencies and capabilities to the enterprise, the CSTR reveals that too many companies are not confronting the security risks that cloud adoption has introduced, including an increased risk of data breaches, Symantec says. 

"Investment in cloud cyber security platforms that leverage automation and AI to supplement visibility and overtaxed human resources is a clear way to automate defences and enforce data governance principles," says Popp. 

"However, as the consequences of cyber security become increasingly impactful to business success, it is also time to recalibrate culture and adopt security best practices at a human level."

Story image
The business case for an in-house ethical hacker
Ethical hackers, also known as penetration testers or white-hat hackers, mimic the techniques used by malicious hackers to try and break into computer systems and discover vulnerabilities before the bad guys can exploit them.More
Story image
Google Cloud observes spike in DDoS volumes in last two years
Google Cloud has seen an ‘exponential’ rise in distributed denial of service (DDoS) attacks over the past decade, but the biggest attacks have only occurred in the past couple of years.More
Story image
Insider threat report reveals deception in the workforce
Insider threats come from people inside an enterprise, whether they divulge proprietary information with nefarious intentions, or are just careless employees that unwittingly share sensitive data, writes Bitglass product marketing manager Juan Lugo.More
Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
Index Engines enhances ransomware detection and recovery software
CyberSense helps organisations win the war against cyberattacks.More