In 2022, despite the emergence of economic and geopolitical tensions, businesses remained committed to investing in their digital transformation and operational growth. They were able to navigate the risks associated with privacy and security while leveraging new technologies and innovative business models. The Thales Global Data Threat Report for 2023 delves into how leaders and decision-makers strike this balance, examining their perceptions, attitudes, and expectations for the future. Keep reading to learn more.
77% of respondents cite human error as the top cyber threat
As per the report, attacks are increasing in volume or severity, with 47% of respondents noting such a trend, similar to the figures in 2021 and 2022. Among those who reported a surge in attacks or threats, malware saw the most significant increase, with 59% of respondents reporting it.
48% of respondents reported an increase in ransomware, while phishing attacks saw an increase for 43% of respondents. The primary types of threats identified have remained consistent for the last three years, with malware, ransomware, and phishing being the top three.
However, the sources of these threats have changed, with human error (77%), external hacktivists (76%), and nation-state actors (72%) being the top priorities for respondents this year. In previous years, respondents were more concerned with malicious insiders.
Only 27% of respondents are very concerned about remote work risks
81% of respondents trust their enterprise’s systems to secure and manage their personal data. This level of confidence is consistent across all roles, from security practitioners to senior leaders in finance, legal, and regulation.
Concerns about risks from remote work remain high but have decreased slightly. 27% of respondents report being “very concerned” about remote work risks, which is a 4-percentage-point drop from 2022. 57% are confident in their organization’s access security solutions for secure and convenient remote work.
The adoption rate of MFA (multi-factor authentication) remained flat at 55% for 2021 and 2022 but has increased to 65% in 2023. Furthermore, the use of MFA specifically for SaaS apps is increasing. While increased MFA adoption rates demonstrate better end-user awareness and security culture to mitigate leading threats such as human error, there is still some disconnect in what controls can protect sensitive data going forward.
While respondents indicate that IAM (identity and access management) is one of the most effective technologies to protect sensitive data, other controls used are endpoint security, network security, encryption, and CSPM.
New technologies and cloud adoption increase security concerns
New technologies such as 5G, edge computing, and IoT are transforming how compute infrastructure is allocated, utilized, and protected. 77% of respondents express security concerns about 5G of which 75% are primarily concerned with safeguarding the identities of people and things connected to 5G networks and 66% are most concerned with securing data moving across 5G networks.
Cloud usage for production environments is prevalent among a significant majority (80%) of respondents, with the remaining 20% in pilot or near-term adoption phases (less than 12 months).
Over the past three years, the percentage of respondents who believe that maintaining privacy and data protection regulations is more complex in the cloud has gradually increased from 46% to 55%. Despite the complexity, more companies are moving sensitive data to the cloud, leading to a higher proportion of sensitive data among overall data and a concurrent increase in data risks over time.
According to the survey, the top attack targets in the cloud are SaaS apps and cloud-based storage, with 28% of respondents citing them, followed by cloud-hosted applications or cloud databases in IaaS/PaaS at 26%, and cloud infrastructure at 25%.
There have been increases in infrastructure compromise and third-party risk in cloud infrastructure attacks. Enterprises are now balancing their eagerness to adopt new technologies and transform with increased awareness of potential risks.
83% of respondents are concerned about digital sovereignty
Over half of the survey participants agreed that it is more challenging to ensure data protection and compliance in the cloud compared to on-premises environments. In addition, the rise of digital sovereignty brings further complexities to cloud data protection and compliance. The report shows that 83% of respondents worldwide expressed concerns about digital sovereignty.
Almost all (96%) participants indicated that they believe either designating the location/jurisdiction of data or implementing complete data encryption are acceptable methods to meet different cloud/digital sovereignty requirements.
Digital sovereignty presents both short- and long-term challenges for organizations. In the short term, companies need to take immediate steps to comply with current privacy legislation. In the long term, they must consider the sovereignty of data, operations, and software.
Advances in quantum computing and the resulting ability to break classical encryption schemes are also an increasing concern. Post-quantum cryptography (PQC) has emerged as a discipline to counter these concerns.
Enterprises are facing a constantly evolving threat landscape and increased complexities in maintaining data protection and compliance in the cloud. However, there are opportunities for continued growth through digital transformation and collaboration on data security, citizen privacy, and digital sovereignty initiatives. Companies that maintain stronger data security controls that are not tied to a single cloud provider can more effectively apply those controls to the cloud environment with the greatest value for their needs. To succeed, enterprises must collaborate with a variety of stakeholders and understand their perspectives to navigate the pathways forward.
Source credits: Thales Global Data Threat Report 2023