Enterprises are facing a ‘cloud security crisis’
Businesses are facing a “cloud security crisis” fueled by increasingly fragmented hybrid environments, according to security firm Rubrik.
The company, in association with Wakefield Research, interviewed 1,600 IT and security leaders for its The state of data security in 2025 report and found 90% had suffered cyber attacks in 2024.
For some, the onslaught was relentless, with almost 20% experiencing more than 25 cyber attacks during the year.
The consequences of these breaches can be serious at both a business and personal level, Rubrik warned. Of those respondents that admitted to suffering a cyber attack, 37% said their company had suffered reputational damage and loss of customer confidence.
A further 33% said such an incident had resulted in a forced leadership change.
When it comes to the sources of attack, 28% identified cloud or SaaS breaches as the point of origin. This has led Rubrik to point the finger squarely at the use of hybrid cloud strategies as a source of the problem.
“Many organizations that move to the cloud assume their providers will handle security,” said Joe Hladik, head of Rubrik Zero Labs. “The persistence of ransomware attacks, coupled with hybrid cloud vulnerabilities shows that threat actors are always one step ahead.”
However, this seems to overlook the fact that a similar proportion of attacks came from insider threats (28%).
Nevertheless, 90% of respondents said they were managing hybrid cloud environments, with 35% saying that securing data across a variety of ecosystems was their top challenge, while 29% said it was lack of visibility and control over cloud-based data.
This issue of visibility is something IT decision makers have raised repeatedly in recent years. In a December 2024 blog, Darktrace identified limited visibility as an emerging threat that can lead to misclassification of data in terms of sensitivity and misaligned access policies.
Similarly, research from Fortinet revealed 55% of the individuals it surveyed for its 2025 state of cloud security report found loss of visibility and control to be a major issue when securing multi-cloud environments – another aspect of data sprawl.
Rubrik’s recommendations for how to combat these issues is to follow the fundamentals of cybersecurity in the 2020s: identify where the data is, what it is, and how sensitive it is, both in motion and at rest.
Thereafter, enterprises should implement policies to protect this data and establish what processes and procedures can be used to enforce it. Similarly, IT teams should use automation where possible to enable them to focus on things that need real human expertise to solve, rather than using up their time on drudgery.
MORE FROM ITPRO
Source link
