Dive Brief:
- Compromised cloud accounts cost companies an average of $6.2 million each year, according to research from Ponemon Institute on behalf of Proofpoint released Wednesday. The research is based on a survey of 662 IT and IT security professionals in the U.S.
- More than two-thirds of professionals say the compromised accounts represent a "significant security risk" to their companies, while about half of the survey respondents say the incidents have become more frequent and severe over the past 12 months.
- Microsoft 365 and Google Workspace accounts have been heavily targeted using either brute force or phishing attacks, according to 57% of respondents. Fifty-one percent of respondents said phishing is the most heavily used method of attack.
Dive Insight:
Cloud-based applications, which are being deployed more frequently since enterprises largely went remote in March 2020, are creating heightened security risks for corporate security professionals.
Organizations experience 138 hours of application downtime per year due to compromised cloud accounts, according to the Ponemon Institute report. IT and IT security teams spend nearly 1,200 hours per month, totaling 14,184 hours per year, dealing with an average of 64 cloud account compromises.
"In the last year, we've witnessed more sophisticated attacks as well as an increase in attack surfaces," a Microsoft spokesperson said via email.
Microsoft embraces built-in identity defenses as part of a zero trust strategy, the spokesperson said, adding that Microsoft 365 takes a multi-layered approach to security and protecting sensitive data.
Microsoft is aware that weak passwords and password spraying are the entry point for the majority of attacks. It's important for users to keep up basic security hygiene, and Microsoft Azure or 365 users need to turn on multifactor authentication, which they can do without any additional charge.
In many cases workers were also bringing unapproved apps into the corporate environment. Three-quarters of IT professionals said introducing applications or tools without the approval of IT teams creates additional risk, according to the Ponemon Institute study.
When unapproved apps are deployed in the corporate environment, they can open up the network to attackers in ways that IT security officials can’t anticipate. Shadow IT puts sensitive data at risk and companies should embrace a cloud-based security broker to further protect data, a December report by Gartner warned.
Google officials did not immediately return a request for comment.