Cloud customers, not providers, responsible for most cyber security incidents

Register now

Many organizations expect cloud providers to be responsible for the protection of data stored on their platforms. But cyber security incidents in the cloud are most often caused by a cloud customer’s employees, rather than by the provider themselves, according to a recent report from security company Kaspersky Lab.

The study is based on a survey of 7,186 organizations worldwide that the company conducted in 2018. The research found that for companies that have experienced a data breach affecting their public cloud infrastructure, social engineering was part of the attack for 88 percent of small and mid-sized businesses (SMBs) and 91 percent of enterprises.

More than one third (37 percent) of SMBs and half (50 percent) of enterprises are either currently using public cloud services or planning to increase their use. However, when making the shift to the cloud, many organizations are concerned about infrastructure continuity and the security of their data.

At least one third of those surveyed in both SMB and enterprise companies (35 percent at SMBs and 39 percent at enterprises) are concerned about incidents affecting IT infrastructure hosted by a third party.

However, while organizations are mainly concerned about the integrity of external cloud platforms, they are far more likely to be affected by weaknesses such as phishing and other social engineering tactics. A successful breach carried out using social engineering can cost an SMB $206,000 on average, rising to more than $2 million for an enterprise, the report said.

For reprint and licensing requests for this article, click here.