Nearly half (44%) of organizations have experienced a cloud data breach, with 14% reporting having had an incident in the past 12 months, according to Thales 2024 Cloud Security Study.
Human error and misconfigurations occurred in 31% of breaches, the top root cause of cloud breaches. This was significantly lower compared to last year’s report, where over half (55%) of cloud incidents were caused by human error.
Exploitation of known vulnerabilities was the next highest root cause of cloud breaches, at 28%, representing a seven-point increase compared to Thales’ 2023 report.
Exploitation of previously unknown vulnerabilities/zero days accounted for 24% of breaches.
Failure to use multi-factor authentication (MFA) was another significant cause of cloud breaches, identified in 17% of cases.
Read here: Vulnerability Exploitation on the Rise as Attackers Ditch Phishing
The biggest cloud targets cited by respondents were SaaS applications (31%), cloud storage (30%) and cloud management infrastructure (26%).
Of those who identified cloud management infrastructure as a target, 72% identified underlying infrastructure compromise as a target of increasing attacks.
Growing Cloud Attack Surface
The Thales report highlighted the expanding cloud attack surface for attackers, with 66% of organizations using more than 25 SaaS applications.
Additionally, 47% of corporate data held in the cloud is sensitive. Despite this, less than 10% of enterprises have encrypted 80% or more of their cloud data.
Nearly half of respondents said they agree or strongly agree that it is more difficult to manage compliance and privacy due to cloud complexity – a similar proportion to the previous three Thales Cloud Security reports.
This complexity challenges the management of encrypted content in cloud environments, with 53% indicating that they use five or more key management systems.
The researchers said that this level of complexity raises the risk of human error occurring.
Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales, commented: “The scalability and flexibility that the cloud offers is highly compelling for organizations, so it’s no surprise it is central to their security strategies.”
He added, “However, as the cloud attack surface expands, organizations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it being used. It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research.”
Around two-thirds (65%) of respondents identified cloud security as a current concern, and cloud security was the top category of security spending, reported by 33% of all respondents.