View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
June 25, 2024

Cloud resources now biggest target for cyberattacks, new report finds

Findings of Thales’s cloud security report reflect growing concerns about data sovereignty and privacy in cloud environments.

By Livia Giannotti

Cloud services, infrastructure and applications are the primary subjects of cyberattacks, amidst the increasing presence of cloud environments in organisations, according to the 2024 Thales Cloud Security Study.

A photo of a cloud facility, used to illustrate an article about cloud security.
The Thales report highlights the importance of protecting cloud environments. (Photo by Shutterstock)

“The scalability and flexibility that the cloud offers is highly compelling for organisations, so it’s no surprise it is central to their security strategies,” Thales’s senior vice president for cloud protection and licensing activities Sebastien Cano said in a statement. “However, as the cloud attack surface expands, organisations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it is being used.”

“It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research,” Cano said.

The annual assessment of cloud security threats and trends details that among the targeted cloud resources, 31% are SaaS applications, 30% are cloud storage and 26% are cloud management infrastructure. 

“As a result, protecting cloud environments has risen at the top security ahead of all other security disciplines,” the report says.

The Thales study is based on surveys with almost 3000 IT and security professionals across 18 countries in 37 industries. 

Human errors are an important factor in security breaches

The impact of human errors, misconfiguration, or mistaken interactions with the cloud – including unintended actions – are cited as “leading contributors” to breaches and other cyber incidents. 

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“Infrastructure and technology aren’t the only aspects of cloud environments exposed to risk. Technology, after all, exists to serve people — which means that the interaction of people with technology, and the degree to which human action can compromise technology, is a factor in cybersecurity,” the report says. 

And this observation is all the more relevant when considering data breaches in the cloud, the study shows. Among the respondents who reported a cloud data breach, 31% said the “root cause” was human error. 

Other highly ranking factors include external attackers (cyber criminals, hacktivists and nation-state actors) as well as malicious insiders.

Focus spending on modern cloud security

The report states that among respondents, the top category for security spending is investing in cloud security.

While the study emphasises the importance of this focus, it also notes that spendings are often used in ways that are not particularly compatible with modern cloud security. “While 24% of respondents prioritise cloud security measures as effective, other, more traditional (and arguably better-known) categories such as workforce IAM (30%) and endpoint security (31%) were chosen more frequently,” the report says.

“Modern cloud security tools and techniques are increasingly implemented by developer and operator teams that often work together as ‘DevOps’ organisations. Solutions such as secrets management and authorisation are directly used by developers with potentially less oversight by central security teams.”

Encrypt cloud data

One of the main concerns expressed by Thales’s study is the consistently low rate of encrypted sensitive data in the cloud. The report says that although 47% of cloud data is “sensitive”, encryption rates “remain stubbornly low with less than 10% of enterprises claiming they have encrypted 80% or more of their cloud data.”

According to Thales, protecting data stored on the cloud – and especially sensitive data – is an issue that concerns even the most highly secured and protected environments. Considering the growing scale and diversity of cloud resources – but also of cyberattacks – “if organisations maintain the same levels and types of control, they are effectively falling behind,” the report says.

“The complexity of encryption management may be a contributing factor,” according to the findings. “As new cloud environments are added, organisations must be able to centralise their key management capabilities rather than create new ones that must be managed independently. This level of complexity also raises the risk of human error.” 

Read more: EU urged not to discriminate against Big Tech through new cybersecurity certification scheme

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.