Explore our Topics:

Cloud data remains vulnerable to cyberattacks

Sensitive data in the cloud is an ongoing vulnerability for healthcare and other industries, and 3rd party access is a key attack point.
By admin
Oct 31, 2022, 1:09 PM

IT organizations across industries, including healthcare, lack confidence in their ability to secure sensitive data in the cloud, according to a new report from the Cloud Security Alliance (CSA). Only 39% of the more than 1,600 IT and security professionals who responded to CSA’s July 2022 online survey felt highly confident in cloud data security at their respective organizations.

What’s more, 40% of respondents indicated that only half of sensitive data in the cloud has enough security protection. A mere 4% said they have sufficient security for all data in the cloud.

Problematic third-party access

CSA’s research also revealed another level of concern regarding cloud data security: Third parties and suppliers often have similar access to sensitive data compared to internal employees. CSA concluded from a separate study that third parties, contractors and suppliers comprise nearly 60% of commonly targeted groups in cyberattacks.

“Cybersecurity really is a supply chain problem,” noted Richard George, former National Security Agency technical director of information assurance and current senior advisor at Johns Hopkins University, in a speech to security professionals. “Everybody’s a target,” George added, pointing out that IT organizations commonly partner with telecom carriers, as well as hardware/ software providers supporting workflow, while leveraging their cloud assets.

George recommended that entities take a defensive posture to disrupt cyber-criminal intent and truly “own” their supply chain. A key part of that approach is insisting that strategic partners prove their cybersecurity capabilities.

Related story: Top considerations for choosing a healthcare cloud partner

Breaches in the forecast

Organizations surveyed by CSA seemed aware of ongoing threats to cloud data security, with most respondents believing their enterprise would experience a breach in the coming year. Nonetheless, organizations that had already been breached reported significantly lower confidence in their ability to protect data—92% of those previously breached said they will likely experience another attack in the next 12 months.

Again, the report advised “locking down” third-party access to sensitive data. Further, organizations should prioritize cross-platform support for multi-cloud and hybrid cloud environments to ensure security across all domains.

Related story: How healthcare can close the cloud security gaps that stall adoption

Best practices for cloud-computing risk reduction include conducting regular cybersecurity audits; limiting users’ access to sensitive data, applications, and devices on a role-necessary basis; and conducting frequent readiness tests or mock cybersecurity incidents.

Frank Irving is a Philadelphia-based content writer and communications consultant specializing in healthcare and technology.


Show Your Support


Newsletter Logo

Subscribe to our topic-centric newsletters to get the latest insights delivered to your inbox weekly.

Enter your information below

By submitting this form, you are agreeing to DHI’s Privacy Policy and Terms of Use.