Ransomware attacks, human error main cause of cloud data breaches: Report

An increase in ransomware attacks and human error is the leading cause of cloud data breaches in India and globally, 2023 Thales data threat report said.

Thales conducted a survey of nearly 3,000 IT and security professionals in 18 countries for its data on security threats, trends, and emerging topics, which was released on Tuesday.

According to the data, nearly half (47 per cent) of IT professionals in India believe that the volume or severity of security threats is increasing, while 48 per cent believe that ransomware attacks are increasing.

In the last 12 months, more than a third (37 per cent) of respondents in India reported a data breach, with 22 per cent reporting a ransomware attack on their organisation.

Most vulnerable to cyber-attacks

Cloud assets were identified as the most vulnerable to cyber-attacks by these respondents.

More than 28 per cent of respondents said software-as-a-service (SaaS) apps and cloud-based storage were the most important targets, followed by cloud-hosted applications (26 per cent), and cloud infrastructure management (25 per cent).

Cloud exploitation and attacks are on the rise, with 75 per cent of global respondents reporting that 40 per cent of data stored in the cloud is now classified as sensitive, up from 49 per cent in 2022.

The 2023 Thales data threat report, which surveyed both private and public sector organisations, also revealed how businesses are responding to and planning their data security strategies and practises in the face of a changing threat landscape, as well as how far they have come in combating threats.

Accidental breaches 

Human error and ransomware, according to the report, played a significant role in the cloud data breach in India.

Accidental breaches can occur due to simple human error, misconfiguration, or other errors, and respondents identified this as the leading cause of cloud data breaches. The primary cause identified by 55 per cent of respondents who had experienced a data breach in the previous 12 months was misconfiguration or human error.

This was followed by the use of a known vulnerability (21 per cent), as well as a zero-day or previously unknown vulnerability (13 per cent). According to the report, identity and access management (IAM) is the best line of defence, with 28 per cent of respondents naming it as the most effective tool for mitigating these risks.

Meanwhile, the severity of ransomware attacks appears to be decreasing, with 35 per cent of 2023 respondents reporting a significant impact, compared to 44 per cent reporting similar levels of impact in 2022.

Global spending is also increasing, with 61 per cent saying they would shift or add a budget for ransomware tools to prevent future attacks, up from 57 per cent in 2022, but organisational responses to ransomware remain inconsistent.

Only 49 per cent of businesses reported a formal ransomware response plan, while 67 per cent continue to report data loss from ransomware attacks.

Digital sovereignty

Digital sovereignty is also a growing concern for data privacy and security teams. Overall, the report found that data sovereignty continues to be a short- and long-term challenge for businesses.

Nearly 83 per cent of respondents expressed concerns about data sovereignty, and 55 per cent agreed that data privacy and compliance in the cloud has become more difficult, most likely due to the emergence of requirements around digital sovereignty, the data threat report said.

Organisations are also concerned about emerging threats from quantum computers, which could compromise traditional encryption schemes. The report discovered that the top global security concerns from quantum computing were Harvest Now, Decrypt Later (HNDL), and future network decryption, with 62 per cent and 55 per cent reporting concerns, respectively.

While Post Quantum Cryptography (PQC) has emerged as a discipline to combat these threats, the report found that 62 per cent of organisations worldwide have five or more key management systems, posing a challenge for PQC and crypto agility.

The 2023 Thales Global Data Threat Report was based on a global 451 Research survey commissioned by Thales of almost 3,000 executives with responsibility for or influence over IT and data security.