A cloud security survey by cybersecurity firm Sophos revealed that 70% of organizations suffered at least one public cloud security breach in 2019, including other security incidents like ransomware attacks (50%), compromised accounts (25%), exposed data (29%), and cryptojacking (17%).
The survey report titled “The State of Cloud Security 2020” stated that 50% of organizations that use multi-cloud environments are more likely to suffer a cloud security incident than those using a single cloud. Organizations in Europe were less affected by cloud security incidents due to the region’s existing GDPR law. While in India, nearly 93% of organizations were hit by an attack in the last year.
Misconfigurations Increase the Risks
Inadvertent database exposure continues to be a major risk for organizations, with misconfigurations exploited in 66% of reported attacks. Besides, 33% of organizations reported that attackers gained access through stolen cloud provider account credentials. A quarter of organizations stated that managing access to cloud accounts is a primary concern to them. Nearly 96% of respondents admitted that they face issues with their current level of cloud security, while 44% of respondents reported data breaches are the top security concern. Only 1 in 4 respondents stated lack of staff expertise as a top concern.
Chester Wisniewski, the Principal Research Scientist at Sophos, said, “Ransomware, not surprisingly, is one of the most widely reported cybercrimes in the public cloud. The most successful ransomware attacks include data in the public cloud and attackers are shifting their methods to target cloud environments that cripple necessary infrastructure and increase the likelihood of payment. The recent increase in remote working provides extra motivation to disable cloud infrastructure that is being relied on more than ever, so it is worrisome that many organizations still don’t understand their responsibility in securing cloud data and workloads. Cloud security is a shared responsibility, and organizations need to carefully manage and monitor cloud environments in order to stay one step ahead of determined attackers.”
The survey findings are based on the responses from more than 3,500 IT managers across 26 countries in Europe, the Americas, Asia Pacific, the Middle East, and Africa that currently host data and workloads in the public cloud.
Cloud Security Risks on Rise
A similar survey, “State of Cloud Security,” conducted by Fugue revealed that IT and cloud security professionals are concerned about the security of their cloud environments as several organizations working remotely. The survey found that 96% of cloud engineering teams are at present 100% working from home, while 83% of them completed the transition or are still in the process. It also found that 84% (who are making the shift) are concerned about security vulnerabilities created during the swift adoption of new access policies, networks, and devices used for managing cloud infrastructure remotely. The survey stressed that preventing cloud misconfiguration remains a challenge for cloud engineering and security teams, with 73% of them citing more than 10 incidents per day, 36% experiencing more than 100 per day, and 10% suffering more than 500 per day.
