GUEST RESEARCH: Financial organisations are leaving themselves significantly exposed to risk in the cloud, according to research from Illumio.
The research found that nearly half (47%) of all data breaches in financial organisations now originate in the cloud, costing these organisations an average of US$6 million each year – higher than the average across all industries. The global research was conducted by independent research company Vanson Bourne and included respondents from Australia and Singapore.
The research – Cloud Security Index: Redefine Cloud Security with Zero Trust Segmentation shows that financial organisations are now operating across a mix of cloud architectures yet remain reliant on traditional security tools which are exposing new security gaps. The findings show most financial organisations now operate hybrid and multi-cloud environments, with 98% storing sensitive data, and 85% running high value applications in the cloud.
Yet, despite high cloud usage, only 38% say they understand their organisation’s cloud security exposure risk very well. This is likely due to a lack of control and visibility with 97% saying they need better visibility into the connectivity with third party software and better reaction times to cloud breaches. Worryingly, 4 in 10 say it would be easy for an attacker to find weaknesses in their cloud environment and move across the organisation. This tactic, known as lateral movement, is the main factor in successful ransomware attacks.
It’s no surprise then that improvements are on the horizon. Nine in ten financial organisations say improving cloud security is a priority over the next year and 90% recognise that segmentation of critical assets is a necessary step to secure cloud-based projects. Nearly all (98%) also say they need security that can scale better with the speed of cloud adoption.
“Financial organisations need a way to enforce security in real-time, dynamically, as workloads spin up and down, but this starts with visibility,” says John Kindervag, founder of Zero Trust and Chief Evangelist at Illumio. “The good news is that organisations are aware of the risks and are starting to act. It’s why we’re seeing this global movement towards Zero Trust, and specifically Zero Trust Segmentation, because it’s a unified strategy and approach that works across on-premises and the cloud and provides a consistent way to apply and enforce security and build resilience across environments.”
The research reveals that a quarter of financial organisations still do not acknowledge that breaches are inevitable – a prerequisite for improving cyber resilience, and only 33% currently have Zero Trust Segmentation in place across both on-premise and cloud environments. 96% also say they need improvements in setting and enforcing consistent security and compliance policies.