RIO IT, BUSINESS CHALLENGES SOLVED

The dangers of over-relying on cloud providers for data security

Complacency is the enemy of robust cyber security

As technology evolves, so do the tactics of threat actors, meaning every innovation is an opportunity either taken by them or taken by you.

Nowhere is this more evident than in the rise of cloud storage solutions. Offering greater convenience, scalability, reliability and faster access to AI and machine learning, it is little wonder that “the cloud” has taken off so rapidly since the late 2000s.

  • According to Fortinet’s report, 39% of organisations were pursuing a hybrid or multi-cloud strategy in 2022, with 76% using two or more cloud providers.
  • Flexera’s 2024 State of the Cloud Report shows that the first figure has since risen by 50% to 89% in 2025, with 79% of businesses now running a hybrid cloud setup.
  • Gartner estimates that by 2028, more than half of all businesses will use industry cloud platforms to accelerate their initiatives.

These high adoption rates, however, have always been clouded with concern. Ninety-five per cent of Fortinet’s respondents – the same businesses enthusiastically pursuing cloud adoption – also expressed fears over cloud security.

Those fears have only grown in 2025. While cloud computing delivers many benefits, issues such as misconfiguration and insecure interfaces have created new risks to data security and recovery.
Faced with the complexity of the cloud, many companies, as with their wider IT, hand responsibility for security to external experts. However, this creates a risky dependency on those providers’ security that can have devastating consequences.

Below are three examples of organisations that suffered compromise through the cloud and how a data-first approach can help mitigate such risks.

Snowflake Platform Breach

Snowflake is a cloud-native data platform and one of the most widely used and trusted in the world.
In 2024, it became the focal point of a major cyberattack campaign. Threat actors exploited stolen credentials that lacked multi-factor authentication to access customer environments on Snowflake’s warehousing platform.

More than 100 Snowflake customers, including AT&T, Ticketmaster and Santander, had sensitive data compromised.

The stolen data ranged from personal and medical identifiers to event tickets and more than 50 billion call and text metadata records from AT&T. The targeted companies were hit with ransom demands ranging from thousands to millions of pounds, with AT&T paying the hackers a £275,050 ($370,000) bitcoin ransom.

What it highlights

The Snowflake breach highlights the risk of relying heavily on a single cloud provider. Such providers are appealing targets for threat actors who know that by compromising one, they can access data from many.
The incident also underlines the importance of improving cloud access controls and enforcing MFA – practices central to a data-first approach.

London Drugs Cloud Compromise

London Drugs is a Canadian retail chain selling everything from household goods to electronics and automotive products.

In May 2024, its cloud-hosted systems were attacked by the LockBit ransomware gang. Data was exfiltrated, and the company, lacking effective backups, was unable to pay the £18.48 million ($25 million) ransom demanded for the return of its data.

What it highlights

While no customer or primary employee data was compromised, London Drugs still faced significant operational disruption and data exposure.

This incident highlights the vulnerability of cloud systems without recovery planning or robust backup strategies. London Drugs needed viable recovery options – options every organisation can establish through a data-first approach.

UniSuper Data Loss Incident

UniSuper is an Australian non-profit superannuation fund serving employees in the education and research sectors.

In 2024, its entire Google Cloud account was accidentally deleted. This caused a large-scale outage, temporary data loss and financial loss due to lost productivity, exposing a critical weakness in the company’s resilience.

UniSuper’s independent data recovery plan was not strong enough to restore services immediately, resulting in a breach of its Recovery Point Objective (RPO) and Recovery Time Objective (RTO).

What it highlights

This incident is a cautionary tale for organisations relying solely on a single cloud provider.
Even reputable providers such as Google Cloud can experience issues. Earlier in 2025, Google Cloud was hit by a data theft campaign that hijacked a Salesloft–Drift integration, compromising customer data.
Organisations must therefore take an independent and proactive approach to cloud security, beginning with their data to build a comprehensive backup strategy.

How to Take a Data-First Approach to Cloud Security

All cybercrime stems from an awareness of the importance and value of your data. To protect it most effectively, you must start with it. Here are three core principles to follow:

Principle 1: Classify and encrypt

Identify your sensitive data – whether personal, financial or regulated – and enforce encryption both in transit and at rest. This ensures it remains protected even if cloud storage is compromised.

Principle 2: Apply granular access controls

Implement role-based access control (RBAC), multi-factor authentication (MFA) and least-privilege principles to ensure only authorised services and users can interact with sensitive data.

Principle 3: Monitor and audit continuously

Use anomaly detection, audit trails and real-time monitoring to prevent data exfiltration, detect unusual activity and maintain compliance with security policies.

In addition, you need a backup strategy that exceeds the traditional 3-2-1 model. While that approach has served businesses since 2005, it is no longer sufficient against the modern threats facing cloud security.
The 3-2-1-1-0 strategy is now recognised as best practice. It focuses on the security, location and integrity of your data.

The 3-2-1-1-0 Backup Strategy

This approach is based on maintaining multiple copies of your data, diversifying storage media and ensuring off-site and immutable backups.
It enables organisations to greatly reduce the risk of data loss and limit the impact of unexpected disruptions.

3 Copies: Keep at least three copies of your data, including the original. This redundancy proved invaluable for UniSuper, as having backups with other service providers significantly improved their recovery process.

2 Media Types: Maintain copies on at least two different storage media, such as an internal hard drive and removable media like tape. This reduces the risk of a single point of failure.

1 Off-Site: Store one copy off-site, either in a different cloud stack or a separate storage account, to protect your data from physical damage at the main location.

1 Immutable: Ensure that one copy of your data is immutable or locked, preventing it from being altered or deleted.

0 Backup Errors: Regularly test your backup process to confirm that data is fully and accurately backed up with zero errors.
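The five rules above can be checked mechanically against a backup inventory. The following is an added example, not part of the original article: it audits an inventory against 3-2-1-1-0 and treats any backup that was never restore-tested, or whose restored bytes do not match the SHA-256 of the source, as a backup error. The `Copy` fields, the `audit_32110` function and the sample inventory are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass
class Copy:
    name: str
    media: str                 # e.g. "disk", "tape", "object-storage"
    offsite: bool              # held outside the primary location or account
    immutable: bool            # locked against alteration and deletion
    restored: Optional[bytes]  # bytes read back in the last restore test
    original: bool = False     # True for the live production copy

def audit_32110(copies, source_sha256):
    """Check an inventory against 3-2-1-1-0; return (rule results, failed copies)."""
    backups = [c for c in copies if not c.original]
    # A backup counts as an error if it was never restore-tested or if the
    # restored bytes do not hash to the same value as the source data.
    failed = [c.name for c in backups
              if c.restored is None
              or hashlib.sha256(c.restored).hexdigest() != source_sha256]
    rules = {
        "3 copies": len(copies) >= 3,
        "2 media types": len({c.media for c in copies}) >= 2,
        "1 off-site": any(c.offsite for c in backups),
        "1 immutable": any(c.immutable for c in backups),
        "0 backup errors": not failed,
    }
    return rules, failed

# Constructed sample data: one dataset and three copies of it.
DATA = b"customer-ledger snapshot (constructed sample)"
SOURCE_HASH = hashlib.sha256(DATA).hexdigest()
INVENTORY = [
    Copy("production", "disk", False, False, DATA, original=True),
    Copy("second-cloud", "object-storage", True, False, DATA),
    Copy("vault-tape", "tape", True, True, DATA[:-1]),  # truncated restore
]

if __name__ == "__main__":
    rules, failed = audit_32110(INVENTORY, SOURCE_HASH)
    for rule, ok in rules.items():
        print(f"{rule:16} {'PASS' if ok else 'FAIL'}")
    print("copies failing restore verification:", failed)
```

The sample inventory satisfies the first four rules but fails the last one, because the only immutable copy does not restore to the original bytes: the gap that a count of copies alone would not reveal.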

By adopting these principles and the 3-2-1-1-0 backup strategy, organisations can create a more confident, resilient and effective approach to cloud security.

Taking a data-first approach allows organisations to adapt to the evolving cyber threat landscape as they work to continually protect and strengthen their most vulnerable asset – their sensitive business data.