
Public Cloud Cybersecurity and Cyberattacks: Research Findings

In the last year, nearly three in four organizations hosting data or workloads in the public cloud were hit by a cybersecurity incident, a new report said.

The events spanned all popular platforms: Azure, Oracle Cloud, AWS, VMware Cloud on AWS, Alibaba Cloud, Google Cloud and IBM Cloud. Ransomware and other malware accounted for half of public cloud cybersecurity events during the period, security specialist Sophos found in its State of the Cloud 2020 report. The findings are based on information gleaned from interviews with 3,500 IT managers worldwide currently hosting data and workloads in the public cloud. Public cloud security events also included exposed data (29%), compromised accounts (25%), and cryptojacking (17%).

“Thanks to growing demand for remote working and public cloud services, on-premises infrastructure is shifting from asset to liability,” the report said. “But moving to the cloud comes at a cost: increasing every organization’s attack surface. The numerous and well-publicized breaches of data storage services have raised cloud security awareness, but cybercriminals work diligently to stay one step ahead.”

Here are the report’s key findings:

  • 70% of organizations were hit by malware, ransomware, data theft, account compromise attempts or cryptojacking.
  • Nearly 45% of organizations rank data loss as one of their top three focus areas.
  • 96% of organizations are concerned about their current level of cloud security.
  • Data loss, detection and response, and multi-cloud management top the list of the biggest concerns.
  • 73% of organizations are using two or more public cloud providers and reported more security incidents than those using a single platform.
  • Only one in four organizations said a lack of staff expertise is a top concern.
  • Skills needed to create good designs, develop clear use cases, and leverage third-party services for platform tools are crucial but underappreciated.
  • Security gaps in misconfigurations were exploited in 66% of attacks, either through attackers exploiting a flaw in the web application firewall to access account credentials or attackers taking advantage of a misconfigured resource.
  • 33% of attacks used stolen credentials to get into cloud provider accounts.
  • Europeans suffered the lowest percentage of security incidents in the cloud, perhaps an indication that General Data Protection Regulation (GDPR) compliance has taken root. By contrast, 93 percent of organizations in India have been compromised by a security attack in the last year.

Given the spike in remote workers since COVID-19, many organizations still don’t understand their responsibility for securing data and workloads in the cloud, said Chester Wisniewski, Sophos principal research scientist. “The recent increase in remote working provides extra motivation to disable cloud infrastructure that is being relied on more than ever, so it’s worrisome that many organizations still don’t understand their responsibility in securing cloud data and workloads,” he said. “Cloud security is a shared responsibility, and organizations need to carefully manage and monitor cloud environments in order to stay one step ahead of determined attackers.”

It’s no surprise that ransomware is the most prevalent cyber crime in the public cloud, because it can “cripple necessary infrastructure and increase the likelihood of payment,” Wisniewski said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.