A recent study conducted by Sophos has revealed 96% of companies are concerned about the state of their public cloud security. There appears to be a valid cause for that concern, as 70% of companies that host data or workloads in the cloud have experienced a breach of their public cloud environment in the past year. The most common attack types were malware (34%), followed by exposed data (29%), ransomware (28%), account compromises (25%), and cryptojacking (17%).
Data for the study came from a survey of 3,521 IT managers in 26 countries, conducted by Vanson Bourne. The countries included the United States, Canada, France, Germany, India, and the United Kingdom. More than 10 industry sectors were represented. Respondents used one or more public clouds from Azure, Oracle Cloud, AWS, VMware Cloud on AWS, Alibaba Cloud, Google Cloud, and IBM Cloud. The findings of the survey were published in the Sophos report: The State of Cloud Security 2020.
The biggest areas of concern are data loss, detection and response, and multi-cloud management. Companies that use two or more public cloud providers experienced more security incidents than companies with just one cloud service provider. Up to twice as many breaches were experienced by companies using multiple clouds compared to those using just one public cloud provider.
India was the worst affected country with 93% of organizations experiencing a cloud security breach, with Italy the least affected with 45% of organizations experiencing a breach. 68% of organizations in the United States reported experiencing a public cloud data breach in the past 12 months. Sophos suggests the relatively low number of cloud security incidents in the United States is due to US organizations having a much better understanding about where the responsibilities for security lie. 90% of respondents from organizations in the United States understood that while the cloud service provider ensures the platform is secure, security is also the responsibility of each cloud customer. “Cloud security is a shared responsibility and organisations need to carefully manage and monitor cloud environments in order to stay one step ahead of determined attackers,” explained Sophos’ principal research scientist Chester Wisniewski. Organizations in the United States also have greater visibility into their public cloud environment. 85% of respondents from organizations in the US said they were fully aware of all of their cloud assets, which is 17% more than the global average.
The most common causes of public cloud security breaches were system misconfigurations and flaws in firewall applications, which were exploited in 66% of public cloud security incidents and allowed cybercriminals to gain access to sensitive data over the internet. 44% of attacks involved misconfigured web application firewalls and 22% were due to cloud resource misconfigurations. 33% of attacks involved the theft of account credentials. In the United States, 75% of successful breaches were due to misconfigurations and 23% involved the use of stolen credentials.
As companies introduce more cloud services and increase the number of clouds they use, complexity increases, the attack surface grows, and there is greater potential for misconfigurations. It is therefore important for organizations to have the right tools to provide full visibility into their cloud environments and to have staff with expertise in cloud security. Despite the high number of public cloud data breaches, only one in four organizations was concerned about a lack of staff expertise, suggesting many organizations undervalue the skills required to create a good cloud security posture.
Organizations need to continuously monitor their cloud resource configurations to identify misconfigured cloud services. A recent study conducted by Comparitech showed that cybercriminals are conducting automatic scans to identify misconfigured cloud services, and that unsecured resources are rapidly found and attacked. In the Comparitech study, which used an exposed Elasticsearch honeypot, the first attempt to access data came within 9 hours of the resource being created.
Organizations also need to proactively manage cloud access. The Sophos survey revealed 91% of respondents had over-privileged identity and access management roles. By ensuring users only have access to the cloud resources they need, harm can be minimized in the event of a breach.
The increase in remote working due to COVID-19 has also presented new opportunities for cybercriminals. Remote workers should be provided with VPNs to ensure they can access cloud resources securely, and access attempts should be monitored. It is also important to set up multi-factor authentication (MFA). Even though multi-factor authentication can prevent data breaches, 98% of respondents had disabled MFA on their cloud provider accounts.