The continued migration to the cloud and a reliance on third parties and partners is exacerbating the risk of cybersecurity threats breaking through the supply chain, according to new research from cybersecurity firm Proofpoint.
The Sunnyvale, Calif.-based company’s report, in collaboration with The Cloud Security Alliance—a consortium of leading IT and security companies such as Microsoft, Google, CrowdStrike, IBM, Oracle, Okta and more—shows that 81% of organizations are highly concerned about risks surrounding their supplies and partners, with nearly half citing data loss as a primary risk.
The report, results of a survey of more than 950 IT and security professionals, found that the level of concern is warranted, as 58% of organizations said their third parties and suppliers were the target of a cloud-based breach in 2021.
Targeting of cloud apps is also a major issue, with organizations concerned that the apps contain or provide access to email, (36%), authentication (37%), storage/file sharing (35%), customer relationship management (33%), and enterprise business intelligence (30%).
According to Proofpoint, organizations are most concerned about data loss, with 43% listing protecting customer data as their primary cloud and web security objective this year. However, just 36% have a dedicated data loss prevention solution in place.
Meanwhile, 47% said their legacy systems are a key concern within their cloud security posture, and 37% said they need to increase security awareness and training to educate employees on more secure behavior.
Lead author of the report and research analyst at the Cloud Security Alliance Hillary Barton said in a statement that the accelerated digital transformation due to the pandemic is resulting in more challenging security approaches.
“While these initiatives strive toward improving worker productivity, product quality, or other business objectives, there are unintended consequences and challenges because of the large-scale structural changes required,” Baron said. “One of those challenges is developing a cohesive approach to cloud and web threats while managing legacy and on-premise security infrastructure.”