New research from Symantec has found that CISOs regard cloud security as a significant challenge, with account hijacking as a top external threat.
Covering 1,100 CISOs (Chief Information Security Officers) across 11 global markets, the survey revealed that Australian CISOs are concerned about growing threats to enterprise data in the cloud and their ability to respond quickly to attacks.
It found that 86% believe ensuring that cloud applications adhere to compliance regulations is one of the most stressful aspects of their job. The survey also found that Australian CISOs named account hijacking as a top external threat more often than CISOs in any other country surveyed.
Chief Executive Officers were not perfect either, with 74% of CISOs believing that their CEO had broken internal security protocols, either intentionally or unintentionally.
Nick Savvides, Manager, Cyber Security Strategy at Symantec, said, “While the shift to cloud applications and services is of undeniable business value, cyber criminals see this new, borderless infrastructure as a potential goldmine. Widespread adoption of cloud applications in corporations, coupled with risky user behaviour that the corporation may not even be aware of, is further widening the scope for cloud-based attacks.”
The report also found CISOs are concerned with compliance as much as protection:
- 29% of cloud-based applications are unsanctioned, or ‘shadow apps’, which could be easy targets for cyber criminals;
- tracking of activities in sanctioned cloud applications (21%);
- country and region-specific data residency and control regulations (17%);
- broad sharing of compliance-controlled data in cloud applications (25%);
- governance of corporate-owned mobile devices (15%); and
- employee use of unsanctioned cloud applications (22%).
Cybercriminal groups are increasingly using operating system features, legitimate tools, and cloud services to compromise networks. Today, CISOs require unparalleled visibility and control over all sensitive content within their business networks.
Rather than relying on one-off fixes and reactive patches, successful CISOs are eradicating exploitable vulnerabilities by deploying proactive, end-to-end solutions. This includes having control over every item that users upload, store and share via the cloud to protect confidential information through all stages of its lifecycle, anywhere and everywhere it travels.
CISOs swing into action – how are businesses protected?
The need for data security, compliance, and residency is driving Australian CISOs to look for encryption and/or tokenisation solutions to support their SaaS initiatives.
The survey reveals that:
- 89% of Australian CISOs believe tokenisation of cloud data is the best way to meet data residency and control regulations.
In practice, however, the figures differ from that belief:
- 61% use tokenisation methods;
- 88% use only encryption to secure cloud data; and
- 51% use both encryption and tokenisation to secure their cloud data.
As enterprises become more reliant on the cloud to improve collaboration and flexibility, it’s increasingly difficult for CISOs to keep track of sensitive company data, keep it compliant and secure it as it flows between on-premises systems, mobile applications and cloud services.
To bolster their organisations’ information security further this year, 95% of Australian CISOs plan to increase spending on IT staff security training and, on average, new IT employees will undergo 20 hours of security training during the onboarding process. Along with India, this is the longest time of any country surveyed.
The cloud generation mandates a new model of integrated security which provides stronger protection, greater visibility and better control of critical assets, users and data. Addressing cloud security holistically will create operational efficiencies and allow Australian CISOs to take full advantage of the cloud. This approach will allow them to ensure their critical information is secure and protected, giving them the peace of mind they need to lead their companies in the data-driven era.