More than 40 percent of organizations view their own employees as the biggest security risk, and although most attacks they experienced over the year were external, organizations still blame their own IT staff and business users as much as – or more than – their cloud providers.
That’s according to the 2018 Netwrix Cloud Security Report. The respondents represent 853 organizations of various sizes, industries and locations. All organizations are public or hybrid cloud users. The report identifies concerns that organizations have about cloud security, the threats they dealt with during the last year, and their plans for further cloud usage and security enhancements.
“Even if insiders are not malicious, they still can unwittingly help attackers get into the environment, whether due to a lack of knowledge about risks, negligence or mistakes,” said Michael Fimin, Netwrix’s co-founder and CEO. “To address the human factor in all its forms, organizations need a complex approach that includes at least three components: employee training, top management support for security initiatives, and pervasive visibility into user activity to detect attacks and minimize the damage.”
According to the Netwrix survey, the most common cloud-security concerns remain the same: the risk of unauthorized access (69 percent), the risk of malware infiltrations (50 percent) and the inability to monitor the activity of their own employees in the cloud (39 percent).
Organizations are not ready to address the insider threat because they have only partial visibility into activity in their IT infrastructures, a situation that has not changed much since 2016, Netwrix says. The share of organizations that have complete visibility into the activity of IT staff (28 percent), business users (17 percent), third parties with legitimate access (12 percent) and providers (9 percent) is low and needs to be improved, it said.
Only two-thirds (66 percent) of surveyed IT teams have top management’s support for security initiatives for the cloud. Also, some 42 percent of organizations are ready to embrace the cloud more fully, while 47 percent are not ready for one or more reasons.
Alhough 86 percent of organizations said in 2016 that they were not ready for a big cloud move, one year later, 31 percent of respondents said they are planning a complete migration to the cloud in the next five years.
Most organizations plan to start storing sensitive data in the cloud or move more data there. Mainly it is going to be customer (50 percent), employee (45 percent) and financial (37 percent) information.
Employee training (55 percent), enforcement of stricter security policies (53 percent) and deployment of vendor security solutions (39 percent) top the list of urgent measures aimed at strengthening security.