Symantec releases new CISO survey: Cloud becomes the next starting point for cybercrime

Recently, Symantec, a global leader in cybersecurity, released a new research report on the current state of enterprise data security. The report covers 11 markets around the world and invited 1,100 chief information security officers to participate in the survey. The report results show that cloud security is the challenge that China's chief information security officers (CISOs) are most concerned about. In addition, China's chief information security officers are more concerned about whether their companies have the ability to quickly respond to cyber attacks.

There is no doubt that cloud computing has many advantages that attract more and more industries, such as excellent scalability, shorter time to market, lower costs, and excellent work efficiency. However, this field also attracts the attention of cyber criminals. This new borderless infrastructure has become a potential gold mine in the eyes of cyber attackers.

The attack surface of the cloud continues to expand

Symantec's survey shows that cloud security has become a thorny issue for Chinese CISOs. The vast majority of CISOs (92%) believe that ensuring cloud applications meet compliance requirements is one of the biggest work pressures they face. In terms of industry compliance, Chinese CISOs are most concerned about whether their companies can fully track activities in approved cloud applications (29%) and whether company employees use unapproved cloud applications (23%).

In addition, Chinese CISOs’ concerns about cloud security also include: widespread sharing of compliance-controlled sensitive data in cloud applications (21%), management of corporate mobile devices (16%), and compliance with country and region-specific data retention and management regulations (11%).

With the widespread deployment of cloud applications and the lack of in-depth understanding of high-risk user behavior, enterprises have further led to a wider range of cloud-oriented cyber attacks. According to a Symantec survey, Chinese CISOs expect that an average of 30% of the cloud-based applications used by their own companies are unapproved applications or "shadow applications." Not only that, 70% of the CISOs surveyed believe that whether intentionally or unintentionally, the company's CEO may have undermined the company's internal security protocols in some cases.

Symantec's survey shows that in terms of cloud security, the external threats that Chinese CISOs are most concerned about in 2017 mainly include: data leakage (30%), system vulnerability exploitation (23%), identity authentication and certificate destruction (20%). In addition, the internal threats that CISOs are most concerned about include: employees violating security compliance requirements (26%), insecure enterprise applications (22%), and data loss (21%).

The need for end-to-end solutions

As enterprises increasingly rely on the cloud to improve collaboration and flexibility, China's chief information security officers face increasing challenges, such as the increasing difficulty in tracking sensitive corporate data and the huge pressure from regulatory requirements. Symantec's survey shows that in order to strengthen information security, all Chinese CISOs interviewed (100%) said they plan to increase spending on IT staff security training this year to ensure the security of corporate data transmitted between local systems, mobile applications and cloud services. New IT employees will receive an average of 13 hours of security training during their on-the-job training. It is worth mentioning that the planned spending of Chinese CISOs is higher than that of all other surveyed countries.

The need for data security, compliance and data retention has prompted Chinese CISOs to look for encryption and/or tokenization solutions to support their companies’ software as a service (SaaS) initiatives. Symantec’s survey shows that the vast majority (98%) of Chinese CISOs believe that cloud data tokenization is the best way to meet data retention and data management regulations—80% of respondents said they use tokenization; 77% of Chinese CISOs said they use encryption technology to protect data in the cloud; and 60% of respondents said their companies use both encryption and tokenization. It is worth mentioning that Chinese CISOs use tokenization at a higher rate than other countries surveyed.

Cybercriminal organizations are often opportunistic in their criminal activities, and they will exploit vulnerabilities in legitimate operating systems, tools and cloud services to compromise corporate networks. To effectively combat these criminal activities, chief information security officers need to have excellent visibility and control to manage the sensitive content that users upload, store and share through the cloud. Instead of relying on one-off fixes and reactive patches to protect confidential information, outstanding CISOs proactively deploy end-to-end solutions to eliminate potential vulnerabilities and threats that can be exploited.

Addressing cloud security issues through a holistic approach

When using cloud services, if enterprises cannot ensure the deployment of effective security protection, it will lead to higher cost losses and potential business losses, offsetting the various potential advantages of cloud computing. In the face of cloud security issues, enterprises need a new integrated security model to provide stronger protection, better visibility and higher levels of management capabilities for their key assets, users and data.

In today's data-driven era, effectively addressing cloud security issues can improve the operational efficiency of enterprises. While ensuring the security of key enterprise information, it can also enable chief information security officers to more easily utilize the advantages of cloud computing and harness the power of digital technology.