Report: Human Error Is the Leading Cause of Cloud Data Breaches

• 07/02/24

"When characterizing threat actors, internal human error remains a critical threat area, always ranking highly, if not the top category," the company's March data threat report said. "In 2024, 22% of respondents said that human error was the single most concerning threat, and 74% of respondents placed some level of priority on threats from human error. The industry must continue redirecting its efforts to more secure and user-friendly approaches.

"Innovations in cloud automation, developer experience, CIAM and workforce IAM reduce human errors and downstream consequences. Malicious adversaries are not only increasing the number of attacks but are also exhibiting growing sophistication in combining techniques. The ecosystems of ransomware creators, access brokers and criminal operators continue to evolve and adapt. While UX improves with new CIAM improvements such as passkeys and password deprecation, new challenges will arise such as deepfake attacks from generative AI. Simplifying this complexity reduces the missteps that adversaries can take advantage of and improves usability and engagement."

Meanwhile, other key highlights of last week's cloud security report as presented by Thales include:

• Cloud security spending now tops all other security spending categories.
• Nearly half (47%) of all corporate data stored in the cloud is sensitive.
• Nearly half of organizations cite it is more difficult to manage compliance and privacy in the cloud vs. on-premises.
• Nearly a third (31%) of organizations recognize the importance of digital sovereignty initiatives as a means of future-proofing their cloud environments.

In its CSA post, Thales advocated for prioritizing proactive security, noting that to better secure cloud environments enterprises should:

• Drive Security Proactivity: Implement proactive security measures to achieve better outcomes, such as ensuring compliance with security audits to reduce the likelihood of data breaches.
• Strengthen Command of New Technologies: Invest in understanding and deploying modern cloud security solutions, such as CNAPP and advanced encryption techniques.
• Foster Developer and Security Partnerships: Enhance collaboration between developers and security teams to address new threats and vulnerabilities.
• Centralize Tools for Decentralized Teams: Provide consistent security tools and controls that enable decentralized teams to manage risks effectively.

"Cloud security is dynamic and complex, and as cloud adoption continues to soar, so do the associated challenges and risks," Thales concluded. "Enterprises can better secure their cloud environments and protect their valuable data by prioritizing proactive security measures, investing in modern solutions, and fostering strong team partnerships."

The 2024 Cloud Security Study is available for download here on the Thales site (registration required).