The State of Cloud Security 2020, a global survey from next-generation cybersecurity leader Sophos, has thought us some lessons to prepare for the battles ahead in the cyber space.
In particular, businesses in Nigeria should be more concerned with securing their systems and networks and this calls speedy implementation of the Nigeria Data Protection Regulation (NDPR) 2019.
The Sophos survey found more than eight in ten (86%) organizations from Nigeria experienced a public cloud security incident in the last year – including;
- ransomware (34%),
- other malware (43%),
- exposed data (57%),
- compromised accounts (46%), and
- cryptojacking (26%).
Cryptojacking is a new type of threat in which a hacker uses malicious software to take advantage of your system resources. This calls for serious attention.
1. Security in the era of cloud computing has become quite serious
Globally, organizations running multi-cloud environments are greater than 50% more likely to suffer a cloud security incident than those running a single cloud.
2. Nigeria should enforce NDPR as GDPR has become life safer for users and organisations
The Nigeria Data Protection Regulation (NDPR) guideline was released in January 2019.
Among the objectives behind this regulation were the protection of the privacy rights and freedoms of Nigerian citizens, on the one hand, and the promotion of local and foreign investments in the digital economy by safeguarding the information systems infrastructure against breaches and implementing internationally compatible rules, on the other hand.
The policy is actually timely in view of the fact this survey by Sophos indicates that Europeans suffered the lowest percentage of security incidents in the cloud.
This is an indicator that compliance with General Data Protection Regulation (GDPR) guidelines are helping to protect organizations from being compromised. Should NDPR implementation becomes more effective, then Nigeria will have positive stories to show.
If you look at the report that India, on the other hand, fared the worst, with 93% of organizations being hit by an attack in the last year, then we can appreciate the need to implement NDPR.
3. Ransomware is taking place in organisations ‘unaware’
“Ransomware, not surprisingly, is one of the most widely reported cybercrimes in the public cloud. The most successful ransomware attacks include data in the public cloud, according to the State of Ransomware 2020 report, and attackers are shifting their methods to target cloud environments that cripple necessary infrastructure and increase the likelihood of payment,” said Chester Wisniewski, principal research scientist, Sophos.
“The recent increase in remote working provides extra motivation to disable cloud infrastructure that is being relied on more than ever, so it’s worrisome that many organizations still don’t understand their responsibility in securing cloud data and workloads. Cloud security is a shared responsibility, and organizations need to carefully manage and monitor cloud environments in order to stay one step ahead of determined attackers.”
4. Humans as the weakest link in cybersecurity
Sophos identified that organisations unintentional open door to attackers. This, Sophos called ‘Accidental Exposure’ which continues to plague organizations, with misconfigurations exploited in 64% of reported attacks in Nigeria.
Detailed in the SophosLabs 2020 Threat Report, misconfigurations drive the majority of incidents and are all too common given cloud management complexities.
Despite this, only around a quarter of organizations (25%) from Nigeria say lack of staff expertise is a top area of concern.
Data from Sophos Cloud Optix, a cloud security posture management tool, further reveals that globally;
- 91% of accounts have overprivileged identity and access management roles, and
- 98% have multi-factor authentication disabled on their cloud provider accounts.
5. All hope is not lost
Yes. Awareness is key and from the Sophos report, we understand that nearly all respondents (97%) from Nigeria admit to concern about their current level of cloud security.
Even experts at Sophos view this as an encouraging sign that it’s top of mind and important.
Appropriately, “Identifying and responding to security incidents” tops the list of security concerns;
- for nearly half of respondents (45%)
- followed by “managing access to cloud accounts” and
- “data leaks” (32% and 32% respectively).
Interestingly only 54% of respondent from Nigeria say they have full awareness of their cloud assets and 22% say they are aware of only a minority.
The State of Cloud Security 2020 report highlights findings of an independent survey conducted by Vanson Bourne among more than 3,500 IT managers across 26 countries in Europe, the Americas, Asia Pacific, the Middle East, and Africa that currently host data and workloads in the public cloud.
The full report, along with a detailed list of cloud security recommendations, is available at https://secure2.sophos.com/en-us/content/state-of-cloud-security.aspx.