Johannesburg, 26 Sep 2023
In a recent survey conducted by Thales, it was revealed that 39% of businesses fell victim to data breaches in the preceding year. Concurrently, a staggering 75% of companies disclosed that over 40% of their cloud-stored data is sensitive. A commissioned global study by Arcserve further highlighted the misconception among IT decision-makers, with 43% erroneously believing that cloud providers are responsible for safeguarding and recovering their data in the cloud.
These findings signify a concerning trend as organisations increasingly rely on cloud solutions. Eighty-two percent of IT decision-makers anticipate augmented investments in hybrid cloud deployments, while 70% foresee increased multicloud adoption. This shift in cloud adoption patterns presents a heightened risk landscape for businesses.
Cloud security breaches manifest through various cyber attack vectors, yet their consequences remain consistent. A breached company's reputation is tarnished, customers may depart in droves and the financial toll could jeopardise the organisation's viability.
For the IT community, these breaches serve as valuable lessons. Notably, cloud security breaches have surpassed on-premises breaches, as indicated by the Verizon Data Breach Investigations Report (DBIR).
Considering this, let's examine some of the most notorious cloud security breaches that have captured headlines:
- Facebook: Facebook suffered a breach before August 2019 but chose not to notify over 530 million users whose personal data was stolen until April 2021. The data breach exposed phone numbers, full names, locations, e-mail addresses and other profile details. This incident severely impacted Facebook's reputation, leading to a $5 billion penalty paid by the company to settle a privacy case with the Federal Trade Commission.
- Alibaba: In November 2019, Alibaba's Chinese shopping website, Taobao, experienced a breach that affected over 1.1 billion users' data. The breach, lasting eight months, involved a Chinese software developer scraping user information, including user IDs, mobile phone numbers and customer comments. While encrypted data like passwords remained secure, the breach underscored the importance of robust monitoring systems and network security.
- LinkedIn: LinkedIn faced a data scraping breach in 2021 that affected 700 million profiles. While much of the information was public, data from the hack appeared on a dark web forum. While LinkedIn claimed no sensitive private data was exposed, the incident raised concerns about data risks associated with social media usage.
- Sina Weibo: One of China's largest social media platforms, Sina Weibo, experienced a data breach in June 2020. Personal details of over 538 million users, including real names, usernames, genders, locations and phone numbers for 172 million users were posted on the dark web. The breach, though lacking passwords, highlighted the risks faced by anonymous users sharing unfiltered news.
- Accenture: Accenture fell victim to hackers linked to the LockBit ransomware group in August 2021. The breach resulted in the theft and leakage of proprietary corporate data and breaches in the systems of Accenture's customers. The hackers demanded a $50 million ransom, but Accenture restored all affected systems from backups without impacting operations or client systems.
- Cognyte: In June 2021, cyber analytics firm Cognyte left its database unsecured, exposing 5 billion records detailing past data incidents. These records were accessible online without authentication. While the breach didn't expose significant sensitive data, it provided hackers with names, e-mail addresses and data source information, potentially enabling future social engineering attacks.
- Toyota Motor Company: In June 2023, Toyota reported that approximately 260 000 customers' data was exposed online due to a misconfigured cloud environment. Although the breach did not expose extensive sensitive data, it underscored the risks associated with misconfigurations and the time it takes to discover breaches.
“We often highlight the large public breaches and losses of data, but we are very aware that whether large or small, we are all at risk, if not more so in comparison to these major players. With a lower investment in network and information security, implementing a high-quality and reliable backup solution is a business imperative,” says Ian Parker, Executive Product Manager at LOOPHOLD Security Distribution.
In conclusion, while it may be impossible to prevent every attack, organisations must strive to enhance their cyber security measures continuously. The Arcserve Unified Data Resilience Platform offers a comprehensive approach, incorporating integrated cyber security, complete data protection and rapid recovery capabilities. This robust solution aims to safeguard data across physical and virtual environments, on-premises, in the cloud and SaaS-based platforms, mitigating risks posed by external threats, disasters, human errors and other unplanned incidents. To learn more about the Arcserve Data Resilience Platform, you can request a demo or seek guidance from Arcserve technology partners to ensure the security of your cloud data.