Thales, the technology group specializing in aerospace, defense, ground transportation and security, has released the 2021 edition of its Global Data ThreatReport. With the help of 451 Research, a research and consulting firm, a study was conducted around several areas related to cybersecurity, cloud environments, big data and data protection. More than 2,600 business leaders from 16 countries responded to the questions posed by the two organizations.
Cyber attacks have increased in 2020
The report, entitled “2021 Thales Data Threat Report”, indicated that 82% of companies feel there is a concern around security risks for telecommuting employees. This is a significant figure, especially as 2020 saw a significant increase in remote working due to the COVID-19 pandemic.
However, this fear appears to be well-founded when you consider the following result: almost half (47%) of companies have seen an increase in the number, severity and/or scope of cyber attacks over the last 12 months. For companies that have already experienced these threats, 41% of these attacks occurred in the last year. A figure that has almost doubled from the figure cited in 2019 (21%).
#cybersecurity: 47% of companies see an increase in the number, severity and/or scope of cyberattacks over the past 12 months Cliquez pour tweeterCyber attacks come from several sources: malware used in 54% of cases. Phishing is also used for 41%, as well as ransomware (48%). All of these threats can be countered, as evidenced by the solution offered by the start-up HarfangLab to fight ransomware. Earlier this month, the company obtained funding to develop its EDR software.
Security risks on the rise as teleworking increases
Internal threats (35% of cases) and human error (31%) remain the primary means by which cybercriminals carry out cyberattacks, according to the companies surveyed. External attacks represent 22% of the threat situations. Nearly half of the organizations said they did not have the security infrastructure necessary to deal with the increased risk of attack mentioned above. However, 20% of them state that they have prepared themselves accordingly.
The issue of data protection and inadequate measures taken in this regard are more pronounced in certain sectors: 61% of commercial companies experienced an audit failure or breach in 2020. This is the area most affected by these threats, followed by legal (57%), call centers (55%), transportation (54%) and telecommunications (52%).
Increased risk due to the complexity of cloud environments
Companies turning to the cloud to store data are on the rise, according to the study. Half of them point out that more than 40% of their data is stored in external cloud environments. Meanwhile, 17% of institutions have more than half of their sensitive data in the cloud.
Executives were asked about the complexity of multi-cloud environments. 45% of them said they use at least two Platform as a Service (PaaS) or Infrastructure as a Service (IaaS) providers, while a quarter of decision makers operate more than fifty Software as a Service (SaaS) solutions.
Sebastien Cano, Vice President for Cloud Protection & Licensing at Thales, commented on the complexity of managing data in the cloud:
“Teams around the world have faced immense security challenges over the past year as businesses have accelerated their digital transformation and cloud adoption initiatives. When migrating to multi-cloud solutions, the complexity of managing data can quickly lead to a loss of control. Not only do organizations risk losing track of where their data is stored in multiple cloud environments, but they may also fail to protect their sensitive data in the cloud. With record amounts of data being stored and used in the cloud, it is critical for organizations to deploy a proven security strategy that relies on data discovery, protection and control.”
What solutions are companies taking to mitigate these threats?
A large majority of businesses know that they now need to respond to the increase in threats and cyberattacks. 76% of organizations have cloud strategies that rely on Zero Trust security. In addition, 30% of respondents say they have adopted a true Zero Trust strategy. 44% of institutions have chosen to invest in Zero Trust network access and software-defined perimeter (SDP), 42% have looked at cloud-based access management and 41% have looked at conditional access.
Eric Hanselman, chief analyst at 451 Research, an S&P Global Market Intelligence company
“Native controls and protections available on cloud environments cover a basic set of capabilities, but often fall short when it comes to providing effective protections for sensitive data and workloads, especially in the area of regulatory compliance, such as RGPD and the ramifications of Schrems II. Organizations need to use encryption and ensure they are taking full advantage of the benefits that come with it, controlling the keys that protect their data via BYOK (Bring Your Own Key), HYOK (Hold Your Own Key) or BYOE (Bring Your Own Encryption) approaches. Organizations must also make internal changes to ensure that staff at all levels understand the security challenges and adjust their investment priorities accordingly. Management teams need to develop a more holistic understanding of the various layers of risk and attack that frontline staff face.”
One final finding contrasts with the initiatives taken by companies: 85% of respondents expressed concern about quantum computing threats, a fear potentially stemming from the complexity of cloud environments.
Translated from Thalès publie son rapport annuel sur les cyberattaques et les environnements cloud en entreprise
