39% of Orgs Blame their Own IT Teams for Cloud Security Incidents

Companies also blame business users and cloud providers, revealed the 2018 Netwrix Cloud Security Report
Companies also blame business users and cloud providers, revealed the 2018 Netwrix Cloud Security Report

Netwrix Corporation, visibility platform provider for user behavior analysis and risk mitigation in hybrid environments, and 2017 ‘ASTORS’ Platinum Award Winner for Best Integrated Security Management Solution, has released the 2018 Netwrix Cloud Security Report.

Cloud Security Risks and Concerns in 2018

In 2015, Gartner predicted that 95% of security failures in the cloud through 2020 will be the customer’s fault.

The new Netwrix 2018 Cloud Security Report supports this prediction, noting that employees were considered responsible for 58% of security breaches in 2017, even though most attacks were external.

More broadly, the report explores the current state of security in the cloud and the tactics organizations use to mitigate risks.

The report identifies concerns that organizations have about cloud security, the threats they dealt with over the last year, and their plans for further cloud usage and security enhancements.

Key findings include:

  • The most common cloud security concerns remain the same: the risk of unauthorized access (69%), the risk of malware infiltrations (50%) and the inability to monitor the activity of their own employees in the cloud (39%).
  • 45% of organizations perceive their own employees to be the biggest security risk. Even though the majority of attacks they experienced over the year were external, organizations blame their own IT staff (39%) and business users (33%) as much as or more than their cloud providers (33%).
  • Organizations are not ready to address the insider threat because they have only partial visibility into activity in their IT infrastructures, a situation that has not changed much since 2016.
    • The share of organizations that have complete visibility into the activity of IT staff (28%), business users (17%), third parties with legitimate access (12%) and providers (9%) is low and needs to be improved.
  • Only 66% of surveyed IT teams have top management’s support for security initiatives for the cloud.
  •  42% of the organizations are ready to embrace the cloud more fully, while 47% are not ready for one or more reasons.
    • Even though 86% of organizations said in 2016 that they were not ready for a big cloud move, one year later, 31% of respondents say they are planning a complete migration to the cloud in the next five years.
  • The majority of organizations plan to start storing sensitive data in the cloud or move more data there.
    • Mainly it is going to be customer (50%), employee (45%) and financial (37%) information.
  • Employee training (55%), enforcement of stricter security policies (53%) and deployment of vendor security solutions (39%) top the list of the urgent measures aimed at strengthening security.

How to improve cloud security

By Jeff Melnick, Manager of Sales Engineering at Netwrix Corporation

Clearly, this list is not exhaustive. It’s wise to also consider these steps:

Devote some of your security efforts to the insider threat.

  • Make sure you are aware of what is happening in your environment and can spot malicious and suspicious activity, as well as mistakes and failures to follow established security policies.
  • Regular monitoring and activity analysis will give you more control over the IT environment so you can better protect it.

Communicate the security risks and their impact to top management. 

  • Surprisingly, top managers do not always understand the possible consequences of security breaches.
  • They may think this is up to IT to maintain security and deal with business users, while they focus on cutting expenses or raising stock prices.
  • But in fact, this attitude makes realization of security initiatives more difficult and may have dire consequences, both for the business and for them personally.
  • In the wake of several recent data breaches, such as Equifax and Yahoo, C-level managers like the CISO, the CIO and even the CEO had to resign.
  • Your manager may find this fact interesting and change their mind about their responsibility for cyber security.
Michael Fimin, CEO and co-founder of Netwrix
Michael Fimin, CEO and co-founder of Netwrix

“Although most actual security attacks were external, cloud customers mostly blame their own users for incidents in the cloud and see them as the biggest threat to security,” said Michael Fimin, CEO and co-founder of Netwrix.

“Why? Even if insiders are not malicious, they still can unwittingly help attackers get into the environment, whether due to a lack of knowledge about risks, negligence or mistakes.”

“To address the human factor in all its forms, organizations need a complex approach that includes at least three components: employee training, top management support for security initiatives, and pervasive visibility into user activity to detect attacks and minimize the damage.”

The 2018 Netwrix Cloud Security Report presents the results of our third annual survey, conducted in November 2017.

The respondents represent 853 organizations of various sizes, industries and geographical locations. All organizations are public or hybrid cloud users.

To download the report, please visit: www.netwrix.com/go/2018cloudsecurityreport.

(Learn More. Netwrix Auditor 9.5 empowers organizations to proactively identify, assess and reduce risks to their IT infrastructure and data with its new Risk Assessment capability, Behavior Anomaly Discovery and more. Courtesy of Netwrix and YouTube)

The 2017 ‘ASTORS’ Homeland Security Awards Program

Additionally, Attivo Networks ThreatDefend Deception and Response Platform Won the Gold ‘ASTORS’ Award Winner for Best Intrusion Detection & Prevention Solution.

American Security Today’s 2017 ‘ASTORS’ Homeland Awards Presentation Luncheon at ISC East was an overwhelming success, with distinguished guests from National, State and Local Governments, and Industry Leading Corporate Executives from companies allied to Government.

Over 100 professionals gathered from across North America and the Middle East to be honored from disciplines across the Security Industry in their respective fields which included:

  • The Department of Homeland Security
  • The Department of Justice
  • The Security Exchange Commission
  • State and Municipal Law Enforcement Agencies, and
  • Leaders in Private Security
The 2017 ‘ASTORS’ Homeland Security Awards Presentation Luncheon

The 2017 ‘ASTORS’ Homeland Security Awards Presentation Luncheon

Recognized for their Innovative Training and Education Programs, Outstanding Product Development Achievements and Exciting New Technologies to address the growing Homeland Security Threats our Nation is facing.

American Security Today was formed after careful reflection of 9/11 and its aftermath when the Department of Homeland Security was established and there was an immediate explosion of new products and solutions for what was perceived as an imminent second attack on primary targets in the United States.

As time moved forward from 9/11 itself and in recent years, the threats to our nation have evolved from a large scale 9/11 type attack to:

  • Domestic and International Terrorist Attacks carried out by ‘lone wolves’ and coordinated individuals
  • Cybersecurity breach attacks against our government agencies, financial institutions and critical infrastructure facilities
  • Unprecedented urban violence
  • Cultural shifts and societal media bias, which make it increasingly difficult to secure our nation in this constantly evolving threat environment.
The 2017 ‘ASTORS’ Homeland Security Awards Presentation Luncheon
The 2017 ‘ASTORS’ Homeland Security Awards Presentation Luncheon

These current circumstances have put forward another rapid expansion of new ideas, products and solutions to combat these ever changing challenges.

These changes have called for a new generation of security experts in the Homeland Security and Public Safety fields who need real time knowledge of our ever growing threats.

These experts include the Government at the Federal, State and Local levels as well as from Private Firms specializing in Physical Security, Port Security, Law Enforcement, First Responders, Military and Private Security responsible for implementing coordinated security measures to ensure our Nation’s Security and improve Public Safety.

AST 2017 'Champions Edition'Together, each of these entities work together seamlessly on the front lines of protecting our communities, to ‘Keep our Nation Secure, One City at a Time.’

AST focuses on Homeland Security and Public Safety Breaking News, the Newest Initiatives and Hottest Technologies in Physical & IT Security, essential to meeting today’s growing security challenges.

To highlight the tremendous accomplishments of agencies and firms receiving this prestigious award, check out American Security Today’s 2017 December ‘ASTORS’ Champions Edition – ‘Year in Review.’

Netwrix Corporation was the first vendor to introduce a visibility and governance platform for hybrid cloud security.

More than 160,000 IT departments worldwide rely on Netwrix to detect insider threats on premises and in the cloud, pass compliance audits with less effort and expense, and increase productivity of IT security and operations teams.

Netwrix Corporation logoFounded in 2006, Netwrix has earned more than 100 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.