Netwrix survey: 39% of organizations blame their own IT teams for security incidents in the cloud

Netwrix Corporation, provider of a visibility platform for user behavior analysis and risk mitigation in hybrid environments, released the 2018 Netwrix Cloud Security Report. The report identifies concerns that organizations have about cloud security, the threats they dealt with over the last year, and their plans for further cloud usage and security enhancements.

The 2018 Netwrix Cloud Security Report presents the results of our third annual survey, conducted in November 2017. The respondents represent 853 organizations of various sizes, industries and geographical locations. All organizations are public or hybrid cloud users.

The key findings include:

• The most common cloud security concerns remain the same: the risk of unauthorized access (69%), the risk of malware infiltrations (50%) and the inability to monitor the activity of their own employees in the cloud (39%).
• 45% of organizations perceive their own employees to be the biggest security risk. Even though the majority of attacks they experienced over the year were external, organizations blame their own IT staff (39%) and business users (33%) as much as or more than their cloud providers (33%).
• Organizations are not ready to address the insider threat because they have only partial visibility into activity in their IT infrastructures, a situation that has not changed much since 2016. The share of organizations that have complete visibility into the activity of IT staff (28%), business users (17%), third parties with legitimate access (12%) and providers (9%) is low and needs to be improved.
• Only 66% of surveyed IT teams have top management’s support for security initiatives for the cloud.
• 42% of the organizations are ready to embrace the cloud more fully, while 47% are not ready for one or more reasons. Even though 86% of organizations said in 2016 that they were not ready for a big cloud move, one year later, 31% of respondents say they are planning a complete migration to the cloud in the next five years.
• The majority of organizations plan to start storing sensitive data in the cloud or move more data there. Mainly it is going to be customer (50%), employee (45%) and financial (37%) information.
• Employee training (55%), enforcement of stricter security policies (53%) and deployment of vendor security solutions (39%) top the list of the urgent measures aimed at strengthening security.

Although most actual security attacks were external, cloud customers mostly blame their own users for incidents in the cloud and see them as the biggest threat to security. Why? Even if insiders are not malicious, they still can unwittingly help attackers get into the environment, whether due to a lack of knowledge about risks, negligence or mistakes. To address the human factor in all its forms, organizations need a complex approach that includes at least three components: employee training, top management support for security initiatives, and pervasive visibility into user activity to detect attacks and minimize the damage
Michael Fimin, CEO and co-founder of Netwrix

To download the report, please visit: www.netwrix.com/go/2018cloudsecurityreport.