2024 Thales Cloud Security Study: Cloud Resources Now Singapore’s Biggest Targets for Cyberattacks

Thales has announced the release of the 2024 Thales Cloud Security Study, its annual assessment on the latest cloud security threats, trends, and emerging risks based on a survey of nearly 3,000 IT and security professionals across 18 countries in 37 industries.

According to the 2024 Thales Cloud Security Study, Singapore’s public institutions and private enterprises are incorporating more cloud-based services. The market is maturing, with cloud security now a top concern for compliance and security reasons.

As the use of the cloud continues to be strategically vital to many organisations, cloud resources have become the biggest targets for cyberattacks, with Security as a Service (SaaS) applications (31%), Cloud Storage (30%), and Cloud Management Infrastructure (26%) cited as the leading categories of attack. As a result, protecting cloud environments has risen as the top security priority ahead of all other security disciplines.

This comes as organisations continue to experience cloud data breaches. Forty-four percent of organisations have experienced a cloud data breach with 14% reported having an incident in the last 12 months. Human error and misconfiguration continued to lead the top root cause of these breaches (31%), followed by exploiting known vulnerabilities (28%), and failure to use Multi-Factor Authentication (17%).

Growing cloud usage across enterprises has seen an accompanying growth in the potential attack surface for threat actors, with 66% of organisations using more than 25 SaaS applications and nearly half (47%) of corporate data being sensitive. Despite the increased risks to sensitive data in the cloud, the data encryption rates remain low, with less than 10% of enterprises encrypting 80% or more of their sensitive cloud data.

Future-Proofing Cloud Environments

As organisations gain more experience in using cloud computing, many have modernised their investments to meet new security challenges. For organisations that prioritise digital sovereignty as an emerging security concern, refactoring applications to logically separate, secure, store, and process cloud data was the top way they would attain or achieve sovereignty initiatives ahead of other measures such as repatriating workloads back to on-premises or in-territory. Future-proofing cloud environments (31%), the 2024 Thales Cloud Security Study found, was the number one driver behind digital sovereignty initiatives, where enterprises could independently control digital assets regardless of location, operational personnel or software compatibility constraints.

Particularly in Singapore, this sentiment was even higher at 37%, according to the findings of the 2024 Thales Cloud Security Study. With 49% of all Singapore respondents desired full control of encryption and key management capabilities so they would alleviate the fear about data breaches regardless of location.

Sebastien Cano, Senior Vice President for Cloud Protection and Licencing Activities at Thales, said: “The scalability and flexibility that the cloud offers is highly compelling for organisations, so it’s no surprise it is central to their security strategies. However, as the cloud attack surface expands, organisations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it being used. It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research.”

For more information listen to the Thales webinar with S&P Global hosted by Scott Crawford, Information Security Research Head and Justin Lam, Research Analyst.

About the 2024 Thales Cloud Security Study

The 2024 Thales Cloud Security Study was based on a global survey of 2,961 respondent, aimed at professionals in security and IT management. In addition to criteria about level of knowledge on the general topic of the survey, the screening criteria for the survey excluded those respondents who indicated affiliation with organizations with annual revenue of less than USD $100 million and with USD$100 million–USD $250 million in selected countries.

The 2024 Thales Cloud Security Study was conducted as an observational study and makes no causal claims.