Though businesses have been gradually planning cloud migrations for the last decade, cloud adoption has become a particularly hot topic in the last year, with the increase in remote work. The cloud offers increased flexibility and productivity, as well as reduced costs. However, when improperly managed, it can also expose your organization to a wealth of sophisticated cyberthreats.
We’ve collected the most recent cloud security statistics from around the world to illustrate the breadth and severity of threats to your cloud data. These stats come from third-party surveys and reports, and we’ll be updating them as new research emerges to help you stay on top of the latest figures.
The Frequency Of Cloud Attacks
45% of breaches are cloud-based. According to a recent survey, 80% of companies have experienced at least one cloud security incident in the last year, and 27% of organizations have experienced a public cloud security incident—up 10% from last year.
When 72% of organizations are defaulting to cloud-based services when upgrading or purchasing new technologies, that means the majority of all businesses today have experienced a breach.
Part of the problem is the unanticipated speed with which many organizations have undertaken their cloud adoption process, in a desperate scramble to provision their employees to work remotely as a result of the COVID-19 pandemic. For many companies, this necessity meant sacrificing security to provision employees as quickly as possible. This led to many organizations using tools and applications that weren’t purpose-built for the cloud, and thus were less capable of scaling securely to meet the demands of a cloud environment. In fact, according to the same study referenced above, 46% of organizations use cloud-based applications purpose-built for the cloud, while 54% instead moved them from an on-premises environment.
Enterprises are more likely to have migrated on-prem applications, while SMBs are more likely to have taken a cloud-native approach to their adoption. In terms of industry, government and financial services organizations were significantly more likely to migrate on-prem applications, while technology and education were as likely to be using migrated on-prem applications as purpose-built cloud apps.
There are numerous challenges associated with securing a diverse cloud environment, which brings us on to our next section…
Cloud Security Challenges
Although hosting IT in the cloud has many benefits, such as greater flexibility, cost savings, and improved continuity, 96% of organizations have experienced significant challenges when implementing their cloud strategy.
There are three major challenges here: cost control, security management, and the cloud skills gap. When it comes to security, 35% of IT decision-makers report facing challenges around data privacy and security; 34% report challenges around lack of cloud security skills and expertise; and 25% report challenges around securing cloud resources.
This is further confirmed by the Flexera 2022 State of the Cloud Report, which finds the top cloud challenges for all organizations to be:
- Security (85%)
- Lack of resource/expertise (83%)
- Managing cloud spend (81%)
- Governance (77%)
- Managing software licenses (76%)
- Compliance (76%)
- Central cloud team/business unit responsibility balancing (73%)
- Cloud migration (73%)
- Managing multi-cloud (71%)
But why is security such a challenge? Well, the same report found that public cloud spend is over budget by an average of 13% across all organizations, and cloud spend is expected to grow by a further 29% in the next 12 months. This means that organizations will be focusing more than ever on optimizing their cloud costs. And unfortunately, cutting costs often has a direct impact on security, as organizations potentially cut security costs to increase their productivity budget.
Perhaps as a result of this, 80% of organizations do not have a dedicated cloud security team or lead.
And what are the security-specific challenges that companies are facing, which are causing many to fall victim to data breaches? According to Statista, the top cloud security concerns are data loss and leakage (69%), and data privacy/confidentiality (66%), followed by accidental exposure of credentials (44%).
Despite being aware of these challenges, only one in five organizations assess their overall cloud security posture in real time. The same proportion conduct weekly evaluations, and a concerning 58% evaluate their posture once a month, or even less frequently.
Additionally, 22% of organizations still assess their cloud security posture manually, which is not only a drain on security resources, but also leaves room for human error in their assessments. When 93% of organizations are concerned about human error causing the accidental exposure of data, it begs the question as to why more businesses aren’t utilizing the support of security automation.
How Businesses Are Being Breached
According to recent research, the top security-related cloud threats are misconfiguration, data exposed by users, account compromise, and vulnerability exploits.
This data is supported by a further report, which also found misconfiguration to be the top cloud security threat, followed by lack of visibility into access settings and activities, and identity and access management (IAM) permissions errors.
It comes as little surprise that account access and misconfiguration rank so highly; Verizon’s latest DBIR reports hacking and misconfiguration errors as being among the most common sources of all data breaches, with error being responsible for 13% of breaches, and the human element being involved in 82%.
But what do those attacks look like?
Misconfiguration And Human Error
Misconfiguration, or human error, is when computing assets (in this case, cloud assets) are set up incorrectly. This leaves them vulnerable to malicious activity, and can mean that security incidents or breaches aren’t picked up as quickly.
Misconfigurations are the primary risk for all businesses using the cloud, with deployment misconfigurations and unapproved changes made post-deployment resulting in a large number of cloud security incidents to be addressed.
The top cloud misconfigurations are:
- Insecure use of data backups (23%)
- Insecure data transit (21%)
- Missing logs (21%)
- Lack of monitoring (20%)
- Insecure API keys (20%)
- Object storage misconfiguration (20%)
- Production data in non-production environments (20%)
- Insecure access to containers or VMs (19%)
- Security groups (19%)
- Insecure data storage (18%)
- IAM misconfiguration (17%)
- Orphaned resources (15%)
Detecting cloud misconfigurations is the top priority for organizations with a high cloud security maturity level.
Identity And Access
Another issue when it comes to misconfiguration is the setup of access permissions. 83% of organizations report that at least one of the cloud data breaches they’ve experienced has been related to access, and around 50% report that at least a quarter of their cloud breaches were related to access. This is likely because 52% of organizations lack visibility into which resources a user can access, and the level of permission or privilege granted.
One of the biggest targets for cybercriminals carrying out identity- and access-related attacks is privileged accounts. Because they carry higher levels of permissions, privileged accounts provide administrative access to “high-tier” corporate systems, the breach of which would have severe consequences. This makes privileged accounts a lucrative, and enticing, target for cybercriminals trying to access critical corporate data.
Unfortunately, organizations are finding it difficult to implement least-privilege access in their cloud environments; in fact, of all large organizations that try, 50% fail. The top barriers to implementing least-privilege access are the difficulty of uniformly managing access across multiple clouds, lack of visibility into cloud infrastructure, and that implementation is difficult and time-consuming.
Attackers can exploit accounts with misconfigured permissions to gain access to critical data undetected by security teams. This is a particularly common challenge within the AWS cloud service. In AWS, more than half of enterprises have identities with the ability to escalate their own privileges to a super admin role. This means that identities with hidden privilege escalation abilities can grant themselves admin privileges without approval and gain unauthorized access to critical data, making it possible for attackers to access critical systems from user-level accounts.
As well as user identities, machine identities are also generally over-permissioned, and greater than 40% of these are inactive.
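The hidden privilege escalation described above can be audited from the policy documents themselves. The following is an added example, not code from the original article or from AWS: a Python check that reports which permission-changing IAM actions a policy document allows. The action list is an illustrative selection rather than an exhaustive one, and the sample policies are constructed.

```python
import fnmatch

# IAM actions that let an identity widen its own permissions. Illustrative
# list chosen for this example, not an exhaustive catalogue.
ESCALATION_ACTIONS = (
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:PutRolePolicy",
    "iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion",
    "iam:AddUserToGroup", "iam:UpdateAssumeRolePolicy",
)

def _as_list(value):
    """Statement, Action and Resource may be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # Action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _selected(stmt):
    """Escalation actions that one statement applies to."""
    if "NotAction" in stmt:  # applies to everything except the listed actions
        skip = _as_list(stmt["NotAction"])
        return {a for a in ESCALATION_ACTIONS if not _matches(a, skip)}
    return {a for a in ESCALATION_ACTIONS
            if _matches(a, _as_list(stmt.get("Action")))}

def escalation_findings(policy):
    """Return the sorted escalation actions a policy document allows."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            allowed |= _selected(stmt)  # reported even if scoped or conditional
        elif (stmt.get("Effect") == "Deny" and "Condition" not in stmt
              and "*" in _as_list(stmt.get("Resource"))):
            denied |= _selected(stmt)   # only a blanket Deny cancels an Allow
    return sorted(allowed - denied)

# Constructed sample policies, not taken from any real account.
SCOPED_DEV = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "iam:Get*", "iam:List*", "iam:CreatePolicyVersion"]}]}
WILDCARD_WITH_DENY = {"Statement": [
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "iam:Put*", "Resource": "*"}]}
NOT_ACTION = {"Statement": {"Effect": "Allow", "NotAction": "s3:*",
                            "Resource": "*"}}
READ_ONLY = {"Statement": [{"Effect": "Allow", "Resource": "*",
                            "Action": ["s3:GetObject", "iam:List*"]}]}

if __name__ == "__main__":
    for name in ("SCOPED_DEV", "WILDCARD_WITH_DENY", "NOT_ACTION", "READ_ONLY"):
        print(name, escalation_findings(globals()[name]))
```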
Account Takeover Attacks
82% of all data breaches involve the human element: human error, credential theft, or social engineering such as phishing. Phishing is when a bad actor contacts their target, usually via email, posing as a trusted source. During their communication, the attacker tries to manipulate their target into either:
- Handing over sensitive or confidential information, such as their login credentials, with which they can log into and take over their target’s account.
- Clicking on a malicious link or attachment that will download malware to the target’s device, enabling the attacker to spy on—or take over—the account.
From here, the attacker can steal corporate data, and carry out further phishing attacks to gain access to higher privileged accounts—we’ll circle back to this later.
One of the ways in which cybercriminals use the cloud in phishing attempts is by directing users to phishing pages that use legitimate domain names, such as docs.google.com, my-sharepoint.com or cloudfront.net. These content delivery networks and cloud file share services enable their “customers” to host their own content on a legitimate domain. While this gives users far greater file storage capabilities, it also, unfortunately, gives cybercriminals somewhere to host malicious files, disguised as a legitimate domain.
There are two reasons why attackers do this. Firstly, users are more likely to click on a link that appears to be from a trusted domain. Secondly, security companies can’t completely block these domains without blocking all content hosted on them—including the good stuff.
Who The Victims Are
Organizations of any size could fall victim to an attack targeting their cloud data—assuming they’re hosting data in the cloud. However, there are differences in attack rates when we filter incidents by industry.
A recent study found that 41% of breaches caused by cloud misconfiguration are of tech companies, followed by healthcare organizations at 20%, government agencies at 10%, and hospitality and finance at 6% each. The remaining breaches target other industries.
Additionally, organizations using a public cloud content storage or sharing system may be more likely to fall victim to phishing attacks that host malicious files on seemingly-legitimate domains. In 2020, Amazon Web Services (AWS) had a 76% share of enterprise cloud adoption, followed by Microsoft Azure with a 69% share and Google Cloud with a 34% share.
Further research conducted on the popularity of cloud data warehouses backs up the fact that these are the three biggest players, while also naming Snowflake as a fourth popular system.
The Impact Of A Data Breach
Data breaches are expensive, not only due to the cost of recovering from the breach itself, but also in terms of downtime, reputational damage, compliance fines, and legal fees.
According to IBM, the average cost of a data breach is 4.35 million US dollars. The study shows an increasing gap between the cost of a breach suffered by organizations with advanced security processes in place, and those without. This means that costs incurred are significantly lower for those with a formal security architecture than those without.
As for cloud breaches in particular, public cloud breaches were more expensive than hybrid cloud breaches. On top of this, companies with mature cloud security had a lower-than-average cost of data breach, at 3.87 million dollars—15.7% less than those with early-stage maturity, which have begun applying some security practices. This is likely because those with more mature security are able to identify and contain a breach much quicker than those with less mature security.
Current Cloud Trends
As we move further into 2021 and employees start to return to the office, or embrace a hybrid-remote way of working, it’s inevitable that digital transformation and, with it, cloud adoption, are only going to continue to increase. Organizations that have not yet migrated will find themselves having to, for fear of being left behind.
Because of this, worldwide end-user spending on public cloud services is expected to grow to nearly 600 billion dollars this year, up over 20% from 490.3 billion in 2022.
As for the enterprise use case, enterprise cloud spend is expected to increase by 29% in the next year. As a result, a rise in cloud computing budgets is also anticipated.
As more people migrate to the cloud, the challenges of cost management, governance and security will also increase. It’s important that organizations have the right tools and process in place to manage and secure their data throughout the entire transformation process, as well as once in the cloud. So, without further ado…
How Can You Protect Your Cloud Data?
There are numerous solutions designed to help protect organizations against the sophisticated cyberattacks currently being targeted towards cloud data. These include CASBs, MFA and PAM solutions, and antivirus software.
Cloud Access Security Brokers
Cloud Access Security Brokers, or CASBs, can help businesses to integrate security and governance for their cloud data. CASBs sit between cloud service users and cloud applications, monitoring activity and ensuring the proper enforcement of security policies. They also give admins visibility into application usage, helping to ensure compliance needs whilst providing a strong level of security via enhanced encryption and access controls across cloud accounts.
The top five reasons that organizations use CASBs are to monitor user behavior, detect unauthorized access, classify data, spot compliance gaps, and pinpoint data location. If any of the above align with your business need for cloud security, check out our guide to The Top 10 Cloud Access Security Brokers (CASBs), in which we compare the best CASBs on the market and delve deeper into their key features and benefits.
Multi-factor authentication, or MFA, is a type of authentication technology that requires users to prove their identity in two or more ways before they’re granted access to an account, application or system. There are three methods, or “factors”, by which a user can authenticate:
- Something they know, such as a password or PIN
- Something they have, such as a hardware token or authenticator app
- Something they are, which refers to biometric authentication, such as a fingerprint scan
With MFA implemented, a hacker can’t gain access to a user’s account, even if they manage to steal that user’s password during a phishing attack.
Providing the right level of access to users is among the top cloud access priorities for organizations currently. Unfortunately, this is a difficult task to complete manually; improper permissions may fall under the radar as they’re often granted automatically when a new application is added to the cloud environment, so constant monitoring is required to keep on top of them.
Privileged access management, or PAM, solutions enable organizations to monitor and control the activities of their privileged users, including assigning access permissions for key business systems and controlling what actions a user is allowed to carry out once logged in. They provide an extra layer of protection for critical business systems, whilst also ensuring better governance and compliance with regulatory bodies.
PAM may sound similar to MFA, but the two solutions are quite different. PAM solutions store the login credentials of privileged admin accounts in a secure repository. To gain “just in time” access to those credentials, privileged users have to go through an authentication process (such as MFA), which logs that they’ve verified their identity and also which account they’ve accessed. This process reduces the risk of privileged credentials being stolen, and it allows organizations to monitor account access for any suspicious activity.
Endpoint Security And Antivirus Software
Antivirus software secures individual endpoints by detecting and blocking malicious files, such as those that might be installed during a phishing attack. Because it’s installed at an individual level, antivirus software is best suited to SMBs and smaller teams.
Endpoint security is designed for a more enterprise use case. As such, it enables admins to monitor the security of multiple endpoints centrally, making it more suited to larger organizations or those with a large number of remote workers and BYOD devices.
Both types of solution work in a similar way: they run in the background of the device they’re installed on, scanning files, applications and programs for known viruses and malware. If such malicious content is detected, the solution quarantines it or removes it permanently, as per admin configuration.