Ransomware attacks, human error as main cause of cloud data breaches in India and worldwide: Report
Apr 19, 2023
New Delhi [India], April 19 : An increase in ransomware attacks and human error is the leading cause of the cloud data breach in India and worldwide, according to the Thales data threat 2023 report.
Thales released the data, on Tuesday, on security threats, trends and emerging topics based on the survey of nearly 3000 IT and security professionals in 18 countries.
Half of the IT professionals surveyed in India believe that security threats are increasing in volume or severity with 52 per cent reporting an increase in ransomware attacks.
The figure from India is higher than the global figure of 47 per cent of IT professionals believing that security threats are increasing in volume or severity, while 48 per cent indicated an increase in ransomware attacks, as per the data.
More than a third (38 per cent) of respondents in India (37 per cent globally) have experienced a data breach in the past 12 months, including 23 per cent (22 per cent globally) reporting that their organisation had been a victim of a ransomware attack.
Respondents identified their cloud assets and IoT devices as the biggest targets for cyber-attacks. 53 per cent of respondents in India said that their IoT devices were the biggest targets, followed by Cloud-based storage (41 per cent) and Cloud delivered applications (SaaS) (40 per cent), according to Thales data threat report.
At the global level, 28 per cent of the respondents said SaaS apps and cloud-based storage were the biggest targets, followed by cloud-hosted applications (26 per cent) and cloud infrastructure management (25 per cent). The increase in cloud exploitation and attacks is directly due to the increase in workloads moving to the cloud as 75 per cent of respondents globally said 40 per cent of data stored in the cloud is now classified as sensitive compared to 49 per cent of respondents in 2022.
These are just a few of the key insights from the 2023 Thales Data Threat Report, conducted by 451 Research, which surveyed both private and public sector organisations. It reveals how businesses are responding and planning their data security strategies and practices in light of a changing threat landscape and the progress they are making to address threats.
According to the Thales new data, human error and ransomware have largely impacted on the Cloud data breach in India.
Simple human error, misconfiguration or other mistakes can accidentally lead to breaches - and respondents identified this as the leading cause of cloud data breaches. For those organisations that have suffered a data breach in the past 12 months, misconfiguration or human error was the primary cause identified by 52 per cent of respondents in India and 55 per cent globally. This was followed by the exploitation of a known vulnerability (21 per cent in India as well as globally) and of a zero-day / previously unknown vulnerability (21 per cent in India and 13 per cent globally). The report finds that identity and access management (IAM) is the best defence, with 28 per cent of respondents globally identifying it as the most effective tool to mitigate these risks, reported Thales data threat report.
Meanwhile, the severity of ransomware attacks appears to be declining, with 35 per cent of 2023 respondents globally reporting that ransomware had a significant impact compared to 44 per cent of respondents reporting similar levels of impact in 2022.
Global spending is moving in the right direction too, with 61 per cent reporting (in India and globally) they would shift or add a budget for ransomware tools to prevent future attacks - up from the global figure of 57 per cent in 2022 - yet organisational responses to ransomware remain inconsistent. Only 48 per cent of enterprises in India (nearly the same as 49 per cent globally) reported having a formal ransomware response plan, while 82 per cent (67 per cent globally) still report data loss from ransomware attacks.
Digital sovereignty is becoming more top of mind for data privacy and security teams. Overall, the report found that data sovereignty remains both a short- and long-term challenge for enterprises.
82 per cent (nearly the same as 83 per cent globally) expressed concerns over data sovereignty, and 44 per cent (55 per cent globally) agreed that data privacy and compliance in the cloud has become more difficult, likely due to the emergence of requirements around digital sovereignty, according to Thales data threat report.
Emerging threats from quantum computers that could attack classical encryption schemes are also a cause for concern for organisations. The report found that Harvest Now, Decrypt Later ("HNDL") and future network decryption were the greatest security concerns globally from quantum computing - with 62 per cent and 55 per cent reporting concerns respectively. While Post Quantum Cryptography (PQC) has emerged as a discipline to counter these threats, the report found that 62% of organisations globally have five or more key management systems, presenting a challenge for PQC and crypto agility.