Storage in object mode, data not covered by security solutions, regulated or virtualized information that is difficult to protect, the cloud is not a guarantee against all risks against attacks. Ransomware is on the rise and has great potential for harm, especially for health data, the volume of which is considerable.
The latest international study by cybersecurity player Rubrik aims to be educational to reassure remaining skeptical managers about the risks cloud companies face. While some of the results of this survey need to be weighed, a few salient points deserve attention.
Leakage points ransomware show a 49% increase in the number of victims in 2023. To date, attacks on hybrid environments affect 51% of on-prem equipment and two-thirds of on-prem architectures. cloud (including 67% SaaS services.
Rubrik’s study conducted by Wakefield Research among 1,625 CIOs and CISOs reveals 3 blind spots.
The first of these hidden risks relates to data in cloud instances, 70% of which is stored in the form of objects including the data itself, a unique identifier and metadata. In this case, security coverage is generally weak because the data is generally unreadable by security equipment and therefore more difficult to protect.
Another blind spot is that 88% of the data stored as objects is text files or semi-structured data in CVS, JSON or XML formats. This data is not always available to security solutions.
Finally, more than a quarter of the data objects store is subject to regulatory or legal requirements, such as protected health data and personal data subject to the GDPR. This regulated data is less protected than in on-premises environments.
Backups are targeted almost systematically
Parachute from the IT department, backups are attacked most of the time which of course gives hackers a decisive argument to force companies to pay money. However, Rubrik’s study shows that almost 40% of organizations have not defined any compliance policy for backing up sensitive data. This is worrying.
Storage saturation is a point rarely mentioned in cybersecurity studies. So when ransomware encrypts or modifies millions of files from a healthcare facility or company, it means it generates twice as much stored data. In addition to degrading eventual data recovery, this explosion in the number of new files can saturate storage capacity.
On the other hand, only 7% of organizations are fully in the cloud vulnerabilities Common CVE-based exposures represent only 11% of critical asset exposures. But on the blank side of the glass, note that 94% of cloud tenants (resource owners) were targeted every month in 2023, and 62% of targeted cloud tenants were compromised.
A successful attack requires rethinking cyber security with painful decisions after direct and indirect financial losses. It is better to predict a crisis situation than to repair it.