Account hijacking top cloud security threat: Symantec


Covering 1,100 CISOs (Chief Information Security Officers) across 11 global markets, the survey revealed that Australian CISOs are concerned about growing threats to enterprise data in the cloud and their ability to respond quickly to attacks.

It found that 86% believe ensuring that cloud applications adhere to compliance regulations is one of the most stressful aspects of their job. The survey also found that Australian CISOs named account hijacking as a top external threat more than those in any other country surveyed.

Chief Executive Officers were not perfect either, with 74% of CISOs believing that their CEO had broken internal security protocols, either intentionally or unintentionally.

Nick Savvides, Manager, Cyber Security Strategy at Symantec, said, “While the shift to cloud applications and services is of undeniable business value, cyber criminals see this new, borderless infrastructure as a potential goldmine. Widespread adoption of cloud applications in corporations, coupled with risky user behaviour that the corporation may not even be aware of, is further widening the scope for cloud-based attacks.”

The report also found CISOs are concerned with compliance as much as protection.

Twenty-nine percent of cloud-based applications are unsanctioned (‘shadow apps’) and could be easy targets for cyber criminals;

tracking of activities in sanctioned cloud applications (21%);

country and region-specific data residency and control regulations (17%);

broad sharing of compliance-controlled data in cloud applications (25%);

governance of corporate-owned mobile devices (15%); and

employee use of unsanctioned cloud applications (22%).

Cyber criminal groups are increasingly using operating system features, legitimate tools, and cloud services to compromise networks. Today, CISOs require unparalleled visibility and control over all sensitive content within their business networks.

Rather than relying on one-off fixes and reactive patches, successful CISOs are eradicating exploitable vulnerabilities by deploying proactive, end-to-end solutions. This includes having control over every item that users upload, store and share via the cloud to protect confidential information through all stages of its lifecycle, anywhere and everywhere it travels.

The need for data security, compliance, and residency is driving Australian CISOs to look for encryption and/or tokenization solutions to support their SaaS initiatives.

The survey reveals that:

89% of Australian CISOs believe tokenisation of cloud data is the best way to meet data residency and control regulations

In practice, however, the picture differs from that belief:

61% use tokenisation methods

88% use only encryption to secure cloud data

51% use both encryption and tokenisation to secure their cloud data. 

As enterprises become more reliant on the cloud to improve collaboration and flexibility, it’s increasingly difficult for CISOs to keep track of, maintain compliance of and secure sensitive company data as it flows between on-premises systems, mobile applications and cloud services.

To bolster their organizations’ information security further this year, 95% of Australian CISOs plan to increase spending on IT staff security training, and on average new IT employees will undergo 20 hours of security training during the onboarding process. Along with India, this is the longest amount of time of any country surveyed.

Image: Blue Coat Photos / Flickr