Published on the 25/07/2019 | Written by Heather Wright
Are IoT and cloud apps making your business a cyberattack target?…
Running cloud apps may be a helping businesses in many ways, but it’s keeping IT decision makers up at night, with nearly half of companies believing cloud apps make them a target for cyberattacks.
The 2019 Thales Access Management Index: The Challenges of Trusted Access in a Cloud-first World report, shows the rapid adoption of cloud applications has set IT decision makers on a quest for reconciling the speed of cloud with the security, compliance and scalability needs of the enterprise.
But cloud apps weren’t the biggest concern for the more than 1,000 IT decision makers polled globally (including in Australia). That honour went to areas more easily falling under control of companies: Unprotected infrastructure such as new IoT devices (54 percent) followed by web portals (50 percent). Cloud apps came third at 49 percent – and that’s actually a drop from last year’s 71 percent, something Thales says suggests that the speed organisations are adopting cloud applications has plateaued or slowed.
There’s a disconnect between the decision making and the implementation of cloud security.
In Australia, concerns over unprotected infrastructure run even higher, at 67 percent, putting the country second only to South Africa in their concerns.
Michael Connory, from Australian cyber research and advisory company Security in Depth, says in 2019 alone, 3,396 Australian organisations have reported being hacked.
“Additionally, an estimated 450 major data breaches have been reported to the OAIC. Our company this year has seen 11,475 individual phishing email scams, 5,539 reports of identity theft and the personal data of an estimated eight million Australian citizens stolen via data breaches.”
In New Zealand, meanwhile Cert NZ’s Q1 2019 report on cybersecurity breaches records nearly 1,000 incidents from January to March, at a cost of $1.7 million in direct financial losses. Organisations reported 61 percent of those losses.
The Thales report comes as security vendor Bitglass also weighs in with a report on cloud security, this one finding that while 75 percent of organisations use multiple cloud solutions, only 20 percent have visibility over cross-app anomalous behaviour. It also found that access control (52 percent) and anti-malware (46 percent) are the most used security capabilities.
Thales’ report too, points to cloud access management as a solution for the cloud apps security woes, with 97 percent believing it’s necessary to continue cloud adoption. But nearly an equal number – 95 percent – believe ineffective cloud access remains a concern for their organisation.
Two factor authentication was the most likely tool (58 percent) to be seen as being effective at securing cloud and web-based apps, followed by smart single-sign on (49 percent) and biometric authentication (47 percent).
But seeing something, doesn’t translate into actual doing by the looks of things, with the report finding 70 percent of respondents are using 2FA, with 36 percent using smart SSO and 53 percent using SSO.
Australian IT decision makers, however, are again following their own path, being the least likely (at 42 percent) to say cloud assess management was ‘definitely’ conducive to facilitating cloud adoption.
And despite 38 percent of organisations having a CISO, just one 14 percent of CISOs are actually given the final decision on cloud access management solutions deployed within their organisation. Instead, companies are putting their faith in a traditional IT role, such as the CIO to deal with the problem, something the report says suggests a disconnect between the decision making and the implementation of cloud security.