43% of cyber threats in the cloud environment originate from within, generating annual costs of about US$6.6 million for companies to remedy them, according to a study by Huawei.

The research, developed in cooperation with the Federal University of Minas Gerais (UFMG), was disclosed in the framework of the Huawei Cloud Latam Summit, which concludes this Thursday, and details that the majority of internal threats are related to negligence or employee inattention, as well as others caused by malicious users or credential theft.

Advertisement

The average cost per incident is $484,931 for negligence cases, $648,062 for those caused by malicious users, and $804,997 for credential theft.

A change of approach in cybersecurity

According to the UFMG professor Michele Nogueira, who is responsible for the study, the fact that almost half of the threats come from within organizations was the most surprising finding of the work, since it reveals that even if they invest in protection, companies will continue to be exposed to a large number of threats.

“We see so many investments and discussions about powerful tools, but when you look at the statistics, it is clear that even if you have super powerful resources, 43% of the problems will continue to occur, which generates a change in focus,” he told Efe.

Advertisement

In this sense, Nogueira explained that although it is still essential to invest in state-of-the-art technology to guarantee protection, it is even more important to use the tools that already exist correctly and to train and educate people to mitigate threats.

Likewise, Nogueira emphasized that security risks in the cloud are not very different from general cyber threats, but are enhanced by a greater number of resources and devices that connect to the platform, which increases both the number of targets as attack triggers.

Cloud migration is trending

The study affirms that the cloud environment is safer and cheaper than managing private computing resources, and that the trend is for the adoption of this technology to increase in the coming years.

Advertisement

According to the data presented, Brazil alone will invest about US$36 billion in cloud computing and the implementation of new data centers between 2022 and 2025.

For his part, Huawei’s director of cybersecurity and solutions, Marcelo Motta, highlighted that the covid-19 pandemic accelerated digital transformation in seven years, which entails an increase in the adoption of the cloud and also in the number of attacks. and threats.

“Having more connected devices increases the attack surface. Before, the perimeter was defined, but today it is difficult to identify the devices”, he explained.

Advertisement

The main threats in the cloud

Among the main threats to the cloud environment, the study highlighted, in addition to internal ones, data hijacking, known as a “ramsonware” attack, which affected 37% of the world’s companies in 2021, with an average cost of US$1.85 million per incident.

Other examples pointed out by the research are denial of service attacks, reduced infrastructure visibility, unauthorized use of the cloud, insecure applications, misconfiguration of the cloud, and regulatory and compliance issues.

Considering the costs that these threats entail, Motta stressed that it is necessary for cybersecurity to be considered as an investment in a foundation to establish businesses in a digital world, and not as an expense.

Advertisement