Though businesses have been gradually planning cloud migrations for the last decade, cloud adoption has become a particularly hot topic in the last year, with the increase in remote work. The cloud offers increased flexibility and productivity, as well as reduced costs. However, when improperly managed, it can also expose your organization to a wealth of sophisticated cyberthreats.
We’ve collected the most recent cloud security statistics from around the world to illustrate the breadth and severity of threats to your cloud data. These stats come from third-party surveys and reports, and we’ll be updating them as new research emerges to help you stay on top of the latest figures.
The Frequency Of Cloud Attacks
In the last 18 months, 79% of companies have experienced at least one cloud data breach; even more alarmingly, 43% have reported 10 or more breaches in that time.
When 92% of organizations are currently hosting at least some of their IT environment in the cloud, that means the majority of all businesses today have experienced a breach.
Part of the problem is the unanticipated speed with which many organizations have undertaken their cloud adoption process, in a desperate scramble to provision their employees to work remotely as a result of the COVID-19 pandemic. For many companies, this necessity meant sacrificing security to provision employees as quickly as possible. This led to many organizations using tools and applications that weren’t purpose-built for the cloud, and thus were less capable of scaling securely to meet the demands of a cloud environment. In fact, according to the same study referenced above, 46% of organizations use cloud-based applications purpose-built for the cloud, while 54% instead moved them from an on-premises environment.
Enterprises are more likely to have migrated on-prem applications, while SMBs are more likely to have taken a cloud-native approach to their adoption. In terms of industry, government and financial services organizations were significantly more likely to migrate on-prem applications, while technology and education were as likely to be using migrated on-prem applications as purpose-built cloud apps.
There are numerous challenges associated with securing a diverse cloud environment, which brings us onto our next section…
Cloud Security Challenges
One survey found that compliance and auditing challenges are the most common issue that organizations face within Infrastructure-as-a-Service (IaaS) environments; 52% of those surveyed reporting having had difficulties with this. Compliance and auditing were followed by security issues, with 45%, and actual data breaches, with 26%. This is a surprising statistic, considering the figures above; security issues are often the most commonly reported within IT environments. However, delving deeper into the cause of these issues, the survey found that 32% of companies experienced the wrong users having privileged access, and 25% experiencing problems with unauthorized users, both of which present reasons for audit failings as well as security risks.
Another survey found the top challenges associated with public clouds to be:
- Controlling cloud costs (40%)
- Data privacy and security challenges (38%)
- Securing/protecting cloud resources (31%)
- Governance/compliance (30%)
- Lack of cloud security skills/expertise (30%)
This data better fits our expectation that more organizations are struggling with cloud security, as three of the top five challenges involve securing the cloud environment. We might also deduce that the number one challenge—controlling cloud costs—has an impact on cloud security, as organizations potentially cut security costs to increase their productivity budget.
The challenges associated with cloud computing also vary according to industry. Enterprises struggle the most with data privacy and security (42%), governance and compliance (39%) and controlling costs (37%). SMBs, on the other hand, rank controlling costs as their greatest challenge (43%), followed by data privacy and security (36%), migrating data to the cloud, securing cloud resources, and dealing with a lack of cloud security skills (all 28%).
But what are the security-specific challenges that companies are facing, which are causing many to fall victim to data breaches? According to Statista, the top cloud security concerns are data loss and leakage (69%), and data privacy/confidentiality (66%), followed by accidental exposure of credentials (44%).
Despite being aware of these challenges, only one in five organizations assess their overall cloud security posture in real time. The same amount conduct weekly evaluations, and a concerning 58% evaluate their posture once a month, or even less frequently.
Additionally, 22% of organizations still assess their cloud security posture manually, which is not only a drain on security resources, but also leaves room for human error in their assessments. When 93% of organizations are concerned about human error causing the accidental exposure of data, it begs the question as to why more businesses aren’t utilizing the support of security automation.
How Businesses Are Being Breached
According to recent research, the highest ranked cloud threats are misconfiguration, unauthorized access, insecure interfaces and account hijacking.
This data is supported by a further report, which also found misconfiguration to be the top cloud security threat, followed by lack of visibility into access settings and activities, and identity and access management (IA) permissions errors.
It comes as little surprise that account access and misconfiguration rank so highly; Verizon’s latest DBIR reports hacking and misconfiguration errors as being the most common sources of data breaches respectively.
But what do those attacks look like?
Misconfiguration And Human Error
Misconfiguration, or human error, is when computing assets (in this case, cloud assets) are set up incorrectly. This leaves them vulnerable to malicious activity, and can mean that security incidents or breaches aren’t picked up as quickly.
Another issue when it comes to misconfiguration is the set up of access permissions. One of the biggest targets for cybercriminals carrying out identity- and access-related attacks is privileged accounts. Privileged accounts provide administrative levels of access to “high-tier” corporate systems that would have severe consequences if breached, based on higher levels of permissions. This makes privileged accounts a lucrative, and enticing, target for cybercriminals trying to access critical corporate data.
In the last two years, 34% of identity-related breaches have involved the compromise of privileged accounts. But, despite the very real threat of privileged account compromise, only 38% of organizations are currently using MFA to secure their privileged accounts, and more than 90% of cloud identities are using less than 5% of the permissions they’ve been granted. This enables attackers to exploit accounts with misconfigured permissions to gain access to critical data undetected by security teams.
This is particularly common challenge within the AWS cloud service. In AWS, more than half of enterprises have identities with the ability to escalate their own privileges to a super admin role. This means that identities with hidden privilege escalation abilities can grant themselves admin privileges without approval and gain unauthorized access to critical data, making it possible for attackers to access critical systems from user-level accounts.
As well as user identities, machine identities are also generally over-permissioned, and greater than 40% of these are inactive.
Account Takeover Attacks
Around 25% of all data breaches involve phishing. Phishing is when a bad actor contacts their target, usually via email, posing as a trusted source. During their communication, the attacker tries to manipulate their target into either:
- Handing over sensitive or confidential information, such as their login credentials, with which they can log into and take over their target’s account.
- Clicking on a malicious link or attachment that will download malware to the target’s device, enabling the attacker to spy on—or take over—the account.
From here, the attacker can steal corporate data, and carry out further phishing attacks to gain access to higher privileged accounts—we’ll circle back to this later.
One of the ways in which cybercriminals use the cloud in phishing attempts, is by directing users to phishing pages that use legitimate domain names, such as docs.google.com, my-sharepoint.com or cloudfront.net. These content delivery networks and cloud file share services enable their “customers” to host their own content on a legitimate domain. While this gives users far greater file storage capabilities, it also, unfortunately, gives cybercriminals somewhere to host malicious files, disguised as a legitimate domain.
There are two reasons why attackers do this. Firstly, users are more likely to click on a link that appears to be from a trusted domain. Secondly, security companies can’t completely block these domains without blocking all content hosted on them—including the good stuff.
This one may come as a surprise, but 59% of ransomware incidents where the data is successfully encrypted involve data in the public cloud. This is both in terms of where the data is stolen from, and where the attacker stores it while they demand their ransom payment. The attacker typically sends encrypted data to a legitimate cloud storage service, which makes it more difficult for the victim to locate. Google Drive, Amazon S3 and Mega.nz are the most common cloud storage services used for storing exfiltrated data.
Who The Victims Are
Organizations of any size could fall victim to an attack targeting their cloud data—assuming they’re hosting data in the cloud. However, there are differences in attack rates when we filter incidents by industry.
A recent study found that 41% of breaches caused by cloud misconfiguration are of tech companies, followed by healthcare organizations at 20%, government agencies at 10%, and hospitality and finance at 6% each. The remaining breaches target other industries.
Additionally, organizations using a public cloud content storage or sharing system may be more likely to fall victim to phishing attacks that host malicious files on seemingly-legitimate domains. In 2020, Amazon Web Services (AWS) had a 76% share of enterprise cloud adoption, followed by Microsoft Azure with a 69% share and Google Cloud with a 34% share.
Further research conducted on the popularity of cloud data warehouses backs up the fact that these are the three biggest players, while also naming Snowflake as a fourth popular system.
The Impact Of A Data Breach
Data breaches are expensive, not only due to the cost of recovering from the breach itself, but also in terms of downtime, reputational damage, compliance fines, and legal fees.
According to IBM, the average cost of a data breach is 4.24 million US dollars. The study shows an increasing gap between the cost of a breach suffered by organizations with advanced security processes in place, and those without. This means that costs incurred are significantly lower for those with a formal security architecture than those without.
As for cloud breaches in particular, hybrid cloud breaches were the least expensive, costing an average of 3.61 million US dollars—28.3% less than public cloud breaches. On top of this, companies are likely to experience higher breach costs when they’re in the middle of a large cloud migration, and also take longer to identify and contain breaches than those further along in their cloud modernization journey.
Current Cloud Trends
As we move further into 2021 and employees start to return to the office, or embrace a hybrid-remote way of working, it’s inevitable that digital transformation and, with it, cloud adoption, are only going to continue to increase. Organizations that have not yet migrated will find themselves having to, for fear of being left behind.
Because of this, worldwide end-user spending on public cloud services is expected to grow to $362.3 billion this year.
As for the enterprise use case, enterprise cloud spend is expected to increase just as dramatically, and is forecast to make up 14.2% of the total global enterprise IT spending market in 2024. As a result, a rise in cloud computing budgets is also anticipated.
As more people migrate to the cloud, the challenges of cost management, governance and security will also increase. It’s important that organizations have the right tools and process in place to manage and secure their data throughout the entire transformation process, as well as once in the cloud. So, without further ado…
How Can You Protect Your Cloud Data?
There are numerous solutions designed to help protect organizations against the sophisticated cyberattacks currently being targeted towards cloud data. These include CASBs, MFA and PAM solutions, and antivirus software.
Cloud Access Security Brokers
79% of enterprises want better integrated security and governance for their data in the cloud. Cloud Access Security Brokers, or CASBs, can help businesses to achieve this goal. CASBs sit between cloud service users and cloud applications, monitoring activity and ensuring the proper enforcement of security policies. They also give admins visibility into application usage, helping to ensure compliance needs whilst providing a strong level of security via enhanced encryption and access controls across cloud accounts.
The top five reasons that organizations use CASBs are to monitor user behavior, detect unauthorized access, classify data, spot compliance gaps, and pinpoint data location. If any of the above align with your business need for cloud security, check out our guide to the The Top 10 Cloud Access Security Brokers (CASBs), in which we compare the best CASBs on the market and delve deeper into their key features and benefits.
Multi-factor authentication, or MFA, is a type of authentication technology that requires users to prove their identity in two or more ways before they’re granted access to an account, application or system. There are three methods, of “factors”, by which a user can authenticate:
- Something they know, such as a password or PIN
- Something they have, such as a hardware token or authenticator app
- Something they are, which refers to biometric authentication, such as a fingerprint scan
With MFA implemented, a hacker can’t gain access to a user’s account, even if they manage to steal that user’s password during a phishing attack.
Providing the right level of access to users is among the top cloud access priorities for organizations currently. Unfortunately, this is a difficult task to complete manually; improper permissions may fall under the radar as they’re often granted automatically when a new application is added to the cloud environment, so constant monitoring is required to keep on top of them.
Privileged access management, or PAM, solutions enable organizations to monitor and control the activities of their privileged users, including assigning access permissions for key business systems and controlling what actions a user is allowed to carry out once logged in. They provide an extra layer of protection for critical business systems, whilst also ensuring better governance and compliance with regulatory bodies.
PAM may sound similar to MFA, but the two solutions are quite different. PAM solutions store the login credentials of privileged admin accounts in a secure repository. To gain “just in time” access to those credentials, privileged users have to go through an authentication process (such as MFA), which log that they’ve verified their identity and also which account they’ve accessed. This process reduces the risk of privileged credentials being stolen, and it allows organizations to monitor account access for any suspicious activity.
Endpoint Security And Antivirus Software
Antivirus software secures individual endpoints by detecting and blocking malicious files, such as those that might be installed during a phishing attack. Because it’s installed at an individual level, antivirus software is best suited to SMBs and smaller teams.
Endpoint security is designed for a more enterprise use case. As such, it enables admins to monitor the security of multiple endpoints centrally, making them more suited to larger organizations or those with a large number of remote workers and BYOD devices.
Both types of solution work in a similar way: they run in the background of the device they’re installed on, scanning files, applications and programs for known viruses and malware. If such malicious content is detected, the solution quarantines it or removes it permanently, as per admin configuration.
Want to find out more about how you can protect your cloud data? Check out our buyers’ guides to the top security solutions that will help you defend against threats in the cloud: