70% of Firms Experienced a Public Cloud Data Breach in the Last Year

The latest study by Sophos showed that 96% of firms are worried about the state of their public cloud security. That concern appears justified: 70% of firms that host information or workloads in the public cloud encountered a breach of their public cloud environment in the last year. Attacks most frequently include malware (34%), data exposure (29%), ransomware (28%), account compromise (25%), and cryptojacking (17%).

Data for the study came from a survey conducted by Vanson Bourne of 3,521 IT managers from 26 countries, including Canada, the United States, France, India, Germany, and the United Kingdom. Over 10 industry sectors were represented. Participants used at least one public cloud from Azure, AWS, VMware Cloud on AWS, Oracle Cloud, Alibaba Cloud, IBM Cloud and Google Cloud. Sophos published the results of the survey in a report entitled The State of Cloud Security 2020.

The three major areas of concern seem to be detection and response, loss of data, and multi-cloud management. Firms that use two or more public cloud providers encountered more security breaches than firms with only one cloud service provider. Firms using several cloud service providers encountered up to twice as many breaches as those using only one public cloud provider.

India had the highest share (93%) of companies that encountered a cloud security breach. Italy had the lowest share (45%) of companies that experienced a breach. In the United States, 68% of companies experienced a public cloud data breach last year. Sophos explained that the United States’ comparatively low number of cloud security breaches is because U.S. companies have a much better understanding of their security responsibilities. 90% of the survey participants from the United States stated that although the cloud service provider makes certain the platform is safe, each cloud customer is also responsible for its own security. Firms must diligently manage and monitor their cloud environments to stay one step ahead of attackers.

The most prevalent causes of public cloud security breaches include:

  • In the U.S., 75% of breaches were because of misconfigurations and 23% were because of stolen credentials.
  • 66% of public cloud security breaches were due to incorrect system configurations and flaws in firewall applications that allowed cybercriminals to access sensitive information.
  • 44% of attacks were associated with misconfigured web application firewalls.
  • 22% were because of incorrect cloud resource configurations.
  • 33% involved the theft of account details.

As firms adopt more cloud services, complexity and the attack surface increase, and there is more opportunity for misconfiguration. It is consequently crucial for firms to have the appropriate tools to give complete visibility into their cloud environments and to have personnel with expertise in cloud security. In spite of the high volume of public cloud data breaches, just one in four companies were concerned about a shortage of staff expertise, indicating that a lot of organizations overlook the skills needed to build a strong cloud security posture.

Organizations must continuously monitor their cloud resource settings to detect misconfigured cloud services. The latest study by Comparitech revealed that cybercriminals are performing automated scans to find misconfigured cloud services, and that unprotected resources are quickly located and attacked. In the Comparitech research, which employed a compromised Elasticsearch honeypot, the initial data access attempt happened within 9 hours of creating the resource.

Companies must likewise proactively manage cloud access. The Sophos study showed that 91% of participants had over-privileged identity and access management (IAM) roles. Making sure users get access only to the cloud resources they need limits the damage in case of a breach.

The growth of remote working because of COVID-19 has likewise introduced new opportunities for cybercriminals. Remote employees must use VPNs to make sure they have secure access to cloud resources. Monitoring of access attempts is also necessary. Multi-factor authentication (MFA) must also be implemented. 98% of survey participants stated they had deactivated MFA on their cloud provider accounts.