Dive Brief:
- Almost all organizations, 96%, have concerns about their current cloud security, according to a Sophos report of more than 3,500 IT managers globally.
- Malware or ransomware accounted for half of cloud-based cyberattacks last year. However, in the public cloud, only 30% and 31% of organizations in the U.S. were hit by malware and ransomware, respectively.
- Two-thirds of data breaches were caused by security misconfigurations, including cloud resource misconfiguration and misconfigured web application firewalls. The remaining cloud-related breaches stemmed from stolen cloud credentials.
Dive Insight:
Most enterprises are using a public cloud, yet cloud and container security strategies are lagging behind adoption. The lag is significant enough that developers and engineers bypass cloud security or compliance policies.
In an infrastructure designed around software, developers are free to configure their own infrastructure. And right now, in lockdown, developers can push provisions at odd hours, when there's no security professional to check for errors.
"While cloud platforms have been around since the early 2000s, cloud adoption is still increasing. Cloud platforms have also increased in complexity over time," John Shier, senior security advisor at Sophos, told CIO Dive. Some industries have yet to entirely embrace the cloud, fearful of data residency and workload complexity.
Similarities link traditional computing environments and the cloud, but confidence is lacking, especially when multiple clouds are necessary, according to Shier. In an INAP survey last year, 90% of respondents said they intend to have more workloads on the cloud by 2022. Seventy percent of respondents using multicloud solutions said they have "made management easier to some extent."
Without on-premises solutions, companies were able to make the leap to remote work nearly overnight, but vulnerabilities remain. The pandemic left industries dealing with a "kicked over hornet's nest" of cyberthreats.
Ransomware in particular has moved away from individual incidents. "No longer are ransomware gangs content with opportunistic spread. Now these criminals are much more deliberate and thorough," said Shier.
Risk mitigation is the goal. With the basic tenets of security — regular patches, multifactor authentication, software governance — companies need visibility. "Then you test your defenses, fix any issues and repeat," said Shier. As maturity grows in risk mitigation, companies could adopt active threat hunting.
However, "even after all this is done, it's still possible to fool someone into making a mistake. But at least now you'll be in a better place to rapidly respond to the issue and minimize the fallout," said Shier.