Cracks in the Cloud: The Next Frontier for Cybercrime
Singapore ranks the lowest in terms of using both encryption and tokenization to secure their cloud data.
Symantec (Nasdaq: SYMC), the global leader in cyber security, today released findings from the new Symantec cloud security survey which reveals the state of enterprise data security. The advantages of cloud computing—scalability, speed to market, lower costs and higher productivity—are well known throughout most industries. But for cyber criminals, this new, borderless infrastructure is a potential goldmine.
Survey findings reveal that cloud security is a top concern for chief information security officers (CISOs) in Singapore and are taking measures to improve security in 2017. Covering 1,100 CISOs across 11 global markets, the report reveals that companies in Singapore currently ranks the lowest in terms of using both encryption and tokenization to secure their cloud data.
A widening scope for cloud-based attacks
The survey shows the extent to which cloud security is keeping CISOs in Singapore awake at night. Tellingly, almost all (90%) believe that ensuring cloud applications meet compliance regulations is one of the most stressful aspects of their job.
The industry compliance issues that they find most worrying include the governance of corporate-owned mobile devices (23%), and broad sharing of compliance-controlled data in cloud applications (21%).
Other concerns include the broad sharing of employee use of unsanctioned cloud applications (20%), tracking of activities in sanctioned cloud applications (19%), and keeping on top of country and region-specific data residency and control regulations (17%).
The widespread adoption of cloud applications, coupled with risky user behavior that corporations may not even be aware of, is further widening the scope for cloud-based attacks. Singapore CISOs estimate that, on average, 32% of cloud-based applications used at their company are unsanctioned, or ‘shadow apps’. The vast majority (77%) also believe that their Chief Executive Officer has probably broken internal security protocols at some point – either intentionally or unintentionally.
A need for end-to-end solutions
As enterprises become more reliant on the cloud to improve collaboration and flexibility, it’s becoming increasingly difficult for CISOs to keep track of and secure sensitive company data, let alone maintain compliance with regulatory requirements. To bolster information security as their organization’s data flows between on-premises systems, mobile applications and cloud services, 97% of CISOs in Singapore plan to increase spending on IT staff security training on average by 25% this year. This is a significantly higher average increase than overall CISOs surveyed which stood at 20%. On average, new IT employees will undergo 16 hours of security training during their onboarding process in 2017.
The need for data security, compliance, and residency is also driving Singapore CISOs to look for encryption and/or tokenization solutions to support their Software as a Service (SaaS) initiatives. Symantec’s survey reveals that while 94% of CISOs in Singapore believe tokenization of cloud data is the best way to meet data residency and control regulations, only 59% use tokenization methods. Instead, 78% use encryption to secure their cloud data. Further, less than half (37%) use both encryption and tokenization – the fewest among all the countries surveyed.
Despite such measures, security challenges remain. Cybercriminal groups are opportunistic in the way they operate, using flaws in legitimate operating systems, tools, and cloud services to compromise networks. To effectively counter such behaviors, CISOs require unparalleled visibility and control over sensitive content that users upload, store and share via the cloud. Rather than relying on one-off fixes and reactive patches to protect confidential information, successful CISOs are eradicating exploitable vulnerabilities by deploying proactive, end-to-end solutions.
Addressing cloud security through a holistic approach
Failure to ensure appropriate security protection when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of cloud computing. To ensure success, organizations require a new model of integrated security which provides stronger protection, greater visibility and better control of critical assets, users, and data.
Addressing cloud security holistically creates operational efficiencies and allows Singapore CISOs to take full advantage of the cloud. This approach guarantees their critical information is secure and protected, giving them the peace of mind they need to lead their companies in the data-driven era.
About the Symantec cloud security survey
The Symantec Survey was conducted by Wakefield Research (www.wakefieldresearch.com) among 1,100 CISOs at companies with more than 250 employees, with 100 in each of the following countries: Australia, Canada, China, France, Germany, India, Japan, Korea, Singapore, the UK and the US, between December 15th, 2016 and January 6th, 2017, using an email invitation and an online survey.
Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results. For the interviews conducted in this study, the chances are 95 in 100 that a survey result does not vary, plus or minus, by more than 3.0 percentage points overall, and 9.8 percentage points in each country, from the result that would be obtained if interviews had been conducted with all persons in the universe represented by the sample.
Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.