Half of companies say they have suffered a data breach in the last 12 months and among the main concerns is the exponential increase in the attack surface represented by cloud applications
THE CLM, a Latin American value-added distributor focused on information security, data protection, cloud and data center infrastructure, reflects the main results of the Thales Data Threat Report – Latin America (DTR LATAM), which points out trends such as digital sovereignty and multicloud consolidation; post-quantum encryption concerns and cloud risks with 5G. In addition to noticing an increase in the volume of violations and the persistence of human error.
Robert Mueller, former director of the FBI, said: “There are only two types of companies, those that have been hacked and those that will. And the categories are merging into one, from companies that have been hacked and will be hacked again.”
To give you an idea, 46% of respondents said they had suffered data breaches in the last 12 months and 24% were victims of ransomware attacks.
For Thales, these numbers indicate that, although the region continues to present violation rates higher than the world averages, the increases are not significant year on year, but there are measures that companies must take to reduce these rates.
Data from the Latin America study, drawn from the global Thales Data Threat Report 2023 study, which polled nearly 3,000 professionals, is based on 206 respondents in Brazil and Mexico.
Human error drives data protection
The AL data, as well as the global report, show that the top cause of data breaches in the cloud is human error. This factor has led companies to train their users and adopt solutions that protect access. Example of this is the 62% growth in multi-factor authentication (MFA) usage. Of those interviewed, 30% stressed the importance of Identity and Access Management (IAM) solutions as the most effective security technology in protecting sensitive data from cyber-attacks.
For CLM, these percentages indicate the companies' concern with the prevention of human errors, a failure that the Thales study detected in the region and in the world. Global data shows human error as the top cause of data breaches in the cloud, indicated by 77% of respondents. Followed by hacktivism (76%) and attacks by governments (72%).
Nearly half experienced breaches in the last 12 months
According to the study, even with the improvement in the prevention of human errors, not all perceptions regarding security are so accurate. Most respondents (87%) would entrust their personal data to their organization's systems. Although, 46% of them said they had suffered breaches in the last 12 months, 9% more than the global number and 3% more than the 2022 LATAM survey.
Ransomware: 60% of companies in the region have a formal plan against ransomware attacks, up significantly from 2022 (42%), when the question was first asked. A quarter (24%) of respondents said they had experienced a ransomware attack, percentage slightly higher than the world and 8% above last year. The percentage of attacks with significant impact rose 7% in the region, while worldwide the increase stood at 2%.
5G and Cloud Risks: 76% of respondents express concerns about 5G security. Of these, most say protecting the identities of people and devices connected to 5G networks is their top concern, a result similar to global responses.
AL respondents rank cloud infrastructure (management consoles, automation tools, deployment pipelines) and identity (identity and credential theft, credential stuffing) as the #1 and #2 targets for cyberattacks.
Post-quantum cryptography advances to the real world: 67% of Latin American respondents say network decryption is the security threat from quantum computing they are most concerned about, similar to the global average.
Multicloud is a reality: 83% of companies in the region have workloads in more than one public cloud (4% more than the global percentage), and an average of 2.3 providers per organization.
Digital sovereignty: one of the themes that has emerged strongly in corporations is digital sovereignty, which refers to the ability to exercise power and control over digital infrastructures, systems and data and to make autonomous decisions on issues related to governance, security and privacy in the digital world. O CLM CTO, Pedro Diógenes, explains that digital sovereignty is related to the power of a country to control and defend the data of its citizens or the State.
“In the same way that a country that does not have armed forces does not have territorial sovereignty, a country that does not have currency does not have financial sovereignty, the country that does not control its data does not have digital sovereignty”, clarifies the executive.
Emerging strategy: 98% of respondents to the Thales AL study say that designating or changing the location and jurisdiction of data or implementing its full encryption are acceptable measures to achieve various levels of digital sovereignty. And 69% of organizations in the region have at least five enterprise key management systems (7% more than the overall result: 62%), which adds to the complexity.
Anticipating digital sovereignty: the Thales report shows that there is a tendency to anticipate digital sovereignty, precisely because it gives companies more freedom to deal with data, hardware and software used in their offers and services. And for enabling them to more effectively track the enforcement of privacy laws to maintain secure administration of sensitive and publicly identifiable data to adhere to different privacy regulations, data security and resiliency around the world.
THE digital sovereignty is a significant opportunity for companies optimize their systems and architectures and better serve their stakeholders and citizens. So much that 82% of LATAM respondents are concerned about data sovereignty and/or privacy regulations that may affect their cloud deployment plans, similar to the global percentage.
More than half (55%) agree that it is more complex to manage privacy and data protection regulations in a cloud environment than on local networks, a percentage slightly below the global average. However, 64% of respondents use key managers and/or encryption keys from cloud providers, making them dependent on the provider and impeding their digital sovereignty.
“The digital sovereignty of a country depends on a series of factors. The main ones are the training of your population, to have a little paranoia and know how to identify Phishings and Security and Data Protection Policies of organizations.
Corporations need to simplify their multicloud data security strategies and be prepared to be flexible and have a variety of encryption schemes to meet different operational and data protection requirements. CLM CEO Francisco Camargo.
The way is to simplify: 67% of respondents have five to ten managers in charge, which increases the complexity and cost of governing data uniformly across multiple clouds. The percentage represents an increase of 14% compared to 2022.
The LATAM version of Thales Data Threat Report (DTR LATAM) from 2023 is based on Thales global research, which interviewed 2,889 IT security and management professionals from 18 countries, between November and December 2022 via the internet. The research was conducted as an observational study. Data from the worldwide study were extracted to focus on 206 respondents in Brazil and Mexico.
