Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.

Suppliers, Cloud Providers Are Threats to Enterprise Data, Survey Says

Other threats to enterprise data include cybercriminals, authorized users, foreign governments, and application vulnerabilities, according to Dark Reading's recent Strategic Security Report.

Edge Editors, Dark Reading

November 16, 2021

2 Min Read
Bar chart showing top 6 security threats to enterprise data
Source: Dark Reading

Security threats come in many shapes and forms – and enterprise security teams have their hands full dealing with data breaches, ransomware infections, and supply chain attacks. Data from Dark Reading’s latest Strategic Security Survey shows that the majority of IT security leaders are concerned about the broad array of threats against enterprise data, despite feeling confident in their ability to detect and respond to incidents. As the figure shows, 58% of security leaders say cybercriminals pose the biggest threat to enterprise data, followed by 40% concerned about authorized users and internal employees. Tellingly, a small but significant number of respondents cited cloud and network service providers, and suppliers and contractors, two groups that didn’t really come up in the 2020 survey, as significant threats.

In the survey, 23% of the respondents say they are concerned about the risks suppliers and contractors pose to enterprise data, followed by 18% who named cloud and network service providers. Application vulnerabilities and foreign governments, at 36% and 25%, were also in the top 6.

The list of threats data map very closely to types of security incidents defenders are most worried about. Cybercriminals are continually refining their techniques to make it possible to steal corporate data and personal information, whether that is through ransomware or otherwise compromising applications and systems. Phishing attacks and business email compromise trick authorized users into giving up information or performing tasks they shouldn’t be. There have been a number of attacks targeting application vulnerabilities, such as the PrintNightmare vulnerability in Microsoft’s Windows Print Spooler service that allowed attackers to view, change, or delete data. Attacks by foreign government don’t sound as far-fetched anymore, especially after reports that Chinese-sponsored attackers targeted Microsoft Exchange swept up emails, calendars entries, and contacts information. The Kaseya attack highlighted anew how compromising suppliers and contractors can impact downstream customers. Researchers also uncovered a vulnerability in Azure Cosmos DB which, if exploited, could have impacted thousands of Azure customers. And finally, attacks by malicious insiders remain an important area of concern.

About the Author(s)

Edge Editors

Dark Reading

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights