Survey: 58 Percent of Organizations Say Third Parties and Suppliers Were Target of Cloud-Based Breach

Survey: 58 Percent of Organizations Say Third Parties and Suppliers Were Target of Cloud-Based Breach

Proofpoint, Inc., a cybersecurity and compliance company, announced the release of its latest study, Cloud and Web Security Challenges in 2022, in collaboration with The Cloud Security Alliance (CSA). The commissioned study queried more than 950 information technology and security professionals from various organization sizes and locations to better understand the industry’s knowledge, attitudes, and opinions regarding cloud- and web-delivered threats. The results reveal that organizations are struggling to sufficiently secure new cloud environments implemented during the pandemic, while maintaining legacy equipment and trying to adapt their overall security strategy to the evolving landscape.

“In the wake of COVID-19, organizations substantially accelerated their digital transformation initiatives to accommodate a remote workforce.” said Hillary Baron, lead author and research analyst at CSA, the world’s leading organization in defining standards, certifications, and best practices to help ensure a secure cloud computing environment. “While these initiatives strive toward improving worker productivity, product quality, or other business objectives, there are unintended consequences and challenges because of the large-scale structural changes required. One of those challenges is developing a cohesive approach to cloud and web threats while managing legacy and on-premise security infrastructure.”

As organizations continue to migrate to the cloud, reliance on third parties and partners increases, which in turn exacerbates the risk of threats through the supply chain. The Cloud and Web Security Challenges in 2022 study shows that 81% of responding organizations are moderately to highly concerned about risks surrounding suppliers and partners, with almost half (48%) specifically concerned about potential data loss as a result of such risks. This high level of concern is entirely warranted as 58% of organizations indicated that third parties and suppliers were the target of a cloud-based breach in 2021.

The study reveals that defending data is rightfully a top concern for businesses, with 47% listing “sensitive data loss” as their most concerning outcome of cloud and web attacks. The specific types of data organizations are most concerned with are customer data, credentials, and intellectual property. 43% of organizations listed protecting customer data as their primary cloud and web security objective for 2022. Despite this, only one-third (36%) of the organizations surveyed have a dedicated Data Loss Prevention (DLP) solution in place.

“As organizations adopt cloud infrastructures to support their remote and hybrid work environments, they must not forget that people are the new perimeter. It is an organization’s responsibility to properly train and educate employees and stakeholders on how to identify, resist and report attacks before damage is done.” said Mayank Choudhary, executive vice president and general manager of Information Protection, Cloud Security & Compliance for Proofpoint. “Cultivating a culture of security within and around your organization coupled with the use of multiple streamlined solutions is critical to effectively protect people against cloud and web threats and defend organizational data.”

Key findings from the study include:

  • 47% of those surveyed listed “sensitive data loss” as their most concerning outcome of cloud and web attacks, while “paying ransom” was of least concern to respondents (10%).
  • 58% had a third party, contractor, and/or partner targeted in a cloud breach.   
  • Organizations are concerned that targeted cloud applications either contain or provide access to data such as email (36%), authentication (37%), storage/file sharing (35%), customer relationship management (33%), and enterprise business intelligence (30%).
  • Almost half of those surveyed (47%) blame dealing with legacy systems as key concern with their cloud security posture, while 37% feel they need to coach toward more secure employee behavior.
  • Only one-third (36%) of organizations surveyed have a dedicated Data Loss Prevention (DLP) solution in place. Other solutions implemented include Endpoint Security (47%), Identity Management solutions (43%) and Privileged Access Management (38%).

The full report can be found here: https://www.proofpoint.com/us/resources/e-books/cloud-and-web-attacks-cloud-security-alliance-report.

Featured

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • The Progress of Biometrics

  • Next-Gen AI for Smart Cities

    The future of smart city technology is not being shaped in Silicon Valley — it is taking root in Dubuque, Iowa. With a population of about 60,000, this mid-sized city has become a live testbed for AI-driven traffic management thanks to a unique public-private collaboration led by Milestone Systems. Project Hafnia demonstrates how cities can transform urban mobility and safety through Responsible Technology—without costly infrastructure overhauls. Read Now

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.