90 percent of data breaches are caused by human error

Image credit: Shutterstock

A new report from Kaspersky Lab has revealed that security incidents in public cloud infrastructure are more likely to occur as a result of a customer's employees rather than by actions carried out by cloud providers.

The cybersecurity firm's Understanding security of the cloud: from adoption benefits to threats and concerns report shed light on the fact that 90 percent of corporate data breaches in the cloud happen due to social engineering attacks which target customers' employees and not because of problems caused by their cloud providers.

While cloud adoption allows businesses to benefit from more agile business processes, reduced CAPEX and faster IT provision, organizations still worry about cloud infrastructure continuity and the security of their data. 

According to Kaspersky's research, over a third of both SMB and enterprise companies are concerned about incidents affecting IT infrastructure hosted by a third party which could make the benefits of cloud redundant and carry commercial and reputational risks.

Social engineering

Despite the fact that organizations are primarily worried about the integrity of external cloud platforms, they are more likely to be affected by weaknesses closer to home with a third of incidents in the cloud caused by social engineering techniques while only 11 percent can be blamed on actions taken by a cloud provider.

Kasperksy's survey shows there is still a great deal of room for improvement to ensure adequate cybersecurity measures are in place when working with third parties in the cloud. For instance, only 39 percent of SMBS and 47 percent of enterprises have implemented tailored protection for the cloud.

Vice President of Global Sales at Kaspersky Lab, Maxim Frolov provided further insight on the findings of the report, saying:

“The first step for any business when migrating to public cloud is to understand who is responsible for their business data and the workloads held in it. Cloud providers normally have dedicated cybersecurity measures in place to protect their platforms and customers, but when a threat is on the customer’s side, it is no longer the provider’s responsibility. Our research shows that companies should be more attentive to the cybersecurity hygiene of their employees and take measures that will protect their cloud environment from the inside.”

The company recommends that businesses educate their employees regarding the negative effects of shadow IT and warn them that they can become victims of cyber threats while implementing an endpoint security solution to prevent social engineering attack vectors.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.