Survey: 58 Percent of Organizations Say Third Parties and Suppliers Were Target of Cloud-Based Breach

Survey: 58 Percent of Organizations Say Third Parties and Suppliers Were Target of Cloud-Based Breach

  • Aug 18, 2022

Proofpoint, Inc., a cybersecurity and compliance company, announced the release of its latest study, Cloud and Web Security Challenges in 2022, in collaboration with The Cloud Security Alliance (CSA). The commissioned study queried more than 950 information technology and security professionals from various organization sizes and locations to better understand the industry’s knowledge, attitudes, and opinions regarding cloud- and web-delivered threats. The results reveal that organizations are struggling to sufficiently secure new cloud environments implemented during the pandemic, while maintaining legacy equipment and trying to adapt their overall security strategy to the evolving landscape.

“In the wake of COVID-19, organizations substantially accelerated their digital transformation initiatives to accommodate a remote workforce.” said Hillary Baron, lead author and research analyst at CSA, the world’s leading organization in defining standards, certifications, and best practices to help ensure a secure cloud computing environment. “While these initiatives strive toward improving worker productivity, product quality, or other business objectives, there are unintended consequences and challenges because of the large-scale structural changes required. One of those challenges is developing a cohesive approach to cloud and web threats while managing legacy and on-premise security infrastructure.”

As organizations continue to migrate to the cloud, reliance on third parties and partners increases, which in turn exacerbates the risk of threats through the supply chain. The Cloud and Web Security Challenges in 2022 study shows that 81% of responding organizations are moderately to highly concerned about risks surrounding suppliers and partners, with almost half (48%) specifically concerned about potential data loss as a result of such risks. This high level of concern is entirely warranted as 58% of organizations indicated that third parties and suppliers were the target of a cloud-based breach in 2021.

The study reveals that defending data is rightfully a top concern for businesses, with 47% listing “sensitive data loss” as their most concerning outcome of cloud and web attacks. The specific types of data organizations are most concerned with are customer data, credentials, and intellectual property. 43% of organizations listed protecting customer data as their primary cloud and web security objective for 2022. Despite this, only one-third (36%) of the organizations surveyed have a dedicated Data Loss Prevention (DLP) solution in place.

“As organizations adopt cloud infrastructures to support their remote and hybrid work environments, they must not forget that people are the new perimeter. It is an organization’s responsibility to properly train and educate employees and stakeholders on how to identify, resist and report attacks before damage is done.” said Mayank Choudhary, executive vice president and general manager of Information Protection, Cloud Security & Compliance for Proofpoint. “Cultivating a culture of security within and around your organization coupled with the use of multiple streamlined solutions is critical to effectively protect people against cloud and web threats and defend organizational data.”

Key findings from the study include:

  • 47% of those surveyed listed “sensitive data loss” as their most concerning outcome of cloud and web attacks, while “paying ransom” was of least concern to respondents (10%).
  • 58% had a third party, contractor, and/or partner targeted in a cloud breach.   
  • Organizations are concerned that targeted cloud applications either contain or provide access to data such as email (36%), authentication (37%), storage/file sharing (35%), customer relationship management (33%), and enterprise business intelligence (30%).
  • Almost half of those surveyed (47%) blame dealing with legacy systems as key concern with their cloud security posture, while 37% feel they need to coach toward more secure employee behavior.
  • Only one-third (36%) of organizations surveyed have a dedicated Data Loss Prevention (DLP) solution in place. Other solutions implemented include Endpoint Security (47%), Identity Management solutions (43%) and Privileged Access Management (38%).

The full report can be found here: https://www.proofpoint.com/us/resources/e-books/cloud-and-web-attacks-cloud-security-alliance-report.

Featured

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events

  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

  • DHS to End ‘Shoes-Off’ Travel Policy

    Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now

Most   Popular

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.