90 percent of data breaches are caused by human error

Employees and not cloud providers are to blame

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new report fromKaspersky Labhas revealed that security incidents in public cloud infrastructure are more likely to occur as a result of a customer’s employees rather than by actions carried out by cloud providers.

The cybersecurity firm’sUnderstanding security of the cloud: from adoption benefits to threats and concernsreport shed light on the fact that 90 percent of corporate data breaches in the cloud happen due to social engineering attacks which target customers' employees and not because of problems caused by their cloud providers.

While cloud adoption allows businesses to benefit from more agile business processes, reduced CAPEX and faster IT provision, organizations still worry about cloud infrastructure continuity and the security of their data.

According to Kaspersky’s research, over a third of both SMB and enterprise companies are concerned about incidents affecting IT infrastructure hosted by a third party which could make the benefits of cloud redundant and carry commercial and reputational risks.

Social engineering

Despite the fact that organizations are primarily worried about the integrity of external cloud platforms, they are more likely to be affected by weaknesses closer to home with a third of incidents in the cloud caused bysocial engineeringtechniques while only 11 percent can be blamed on actions taken by a cloud provider.

Kasperksy’s survey shows there is still a great deal of room for improvement to ensure adequate cybersecurity measures are in place when working with third parties in the cloud. For instance, only 39 percent of SMBS and 47 percent of enterprises have implemented tailored protection for the cloud.

Vice President of Global Sales at Kaspersky Lab, Maxim Frolov provided further insight on the findings of the report, saying:

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The first step for any business when migrating to public cloud is to understand who is responsible for their business data and the workloads held in it. Cloud providers normally have dedicated cybersecurity measures in place to protect their platforms and customers, but when a threat is on the customer’s side, it is no longer the provider’s responsibility. Our research shows that companies should be more attentive to the cybersecurity hygiene of their employees and take measures that will protect their cloud environment from the inside.”

The company recommends that businesses educate their employees regarding the negative effects of shadow IT and warn them that they can become victims of cyber threats while implementing anendpoint securitysolution to prevent social engineering attack vectors.

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success