Cloud and mobile are the weakest links in IT security, according to Check Point Software Technologies.
This is one of the key takeaways from the third volume of the company's 2019 Security Report released at its CPX360 event, hosted this week in Vienna, Austria.
According to the research 18% of organisations globally had a cloud security incident in the past year, with the most common incidents being data leaks/ breaches/ account hijacks, and malware infections.
Maya Horowitz, Director, Threat Intelligence & Research and Orli Gan, Head of Products, Threat Prevention together listed the top four public cloud security threats as misconfiguration of cloud platforms, leading to data loss or breaches (62%), unauthorised access to cloud resources (55%), insecure interfaces and APIs (50%) and hijacking of accounts or data traffic (47%).
In addition, 30% of IT professionals still consider security to be the responsibility of the cloud service provider, and 59% of these professionals do not use mobile threat defences.
"Leading threats include mobile malware, fake or malicious apps, man-in-the middle attacks and system vulnerabilities," said Gan.
"Only 9% of IT professionals consider threats on mobile a significant security risk," Gan added. "Yet malware can propagate from unprotected mobile devices to organisations cloud or on-premise networks, exploiting this weak link in enterprise security defences."
Yaniv Balmas, Group Manager, Security Research, described the security scenario surrounding cloud migration and mobile as 'an arms race', with tech vendors, service providers and end users at a disadvantage.
"They have to deal with regulation, have to understand the touch points in the system and how everything fits together – meanwhile the attacker is far more agile, and is just waiting to see what they can exploit," said Balmas.
As to whose responsibility it is to maintain, sustain and reinforce security around cloud and mobile services, Balmas believes this should be shared.
"Vendors can really help businesses by consulting with them on the best solutions for their business requirements...again, it's a double-edged sword, while companies are aware they need to migrate to the cloud, they feel rushed to do so and user education is what suffers."
Vendors can help companies with pre-research on technology, to assist with integration Balmas added.
Zohar Alon, Head of Cloud Product Line, Check Point Software, said, "The third instalment of our 2019 Security Report shows just how vulnerable organisations are to attacks targeting their cloud and mobile estates, because there is a lack of awareness of the threats they face and how to mitigate them. As nearly 20% of organisations have experienced a cloud incident in the past year, it's clear that criminals are looking to exploit these security gaps. By reviewing and highlighting these developments in the Report, organisations can get a better understanding of the threats they face, and how they prevent them impacting on their business."