Sophos: Public Cloud Security Incidents Plaguing Many Organizations

A new Sophos public cloud security survey shows three in four organizations falling victim to security incidents, including ransomware and other malware.

The State of Cloud Security 2020 report highlights findings of an independent survey conducted by Vanson Bourne. It polled more than 3,500 IT managers across 26 countries that host data and workloads in the public cloud.

Exposed data, compromised accounts and cryptojacking are also plaguing businesses.

The vast majority of organizations are concerned about their level of public cloud security. Therefore, channel partners are uniquely positioned to serve as security advisors to these organizations. 

Cloud Security Incident Drivers

John Shier is senior security advisor at Sophos. He said the biggest contributors to many public cloud security incidents are lack of expertise, visibility and proactive management.

Sophos’s John Shier

“For some businesses, the cloud is very transformative and seen as a key business enabler,” he said. “Cloud platforms are immensely flexible and allow for a wide variety of deployment scenarios. That means they can be complex and complicated to deploy correctly and securely. Therefore, not having the expertise required to deploy a cloud instance means it can be easy to do it incorrectly.”

The lack of visibility means it’s easier for shadow IT to exist and for incorrect users, access and interconnections between services to go unnoticed, Shier said.

“While there are some similarities between traditional workloads and cloud-based ones, there need to be cloud-specific policies and guidelines that are managed proactively, so that issues are not only quickly mitigated but prevented in the first place,” he said.

No organization is off limits; however, the survey shows that countries required to comply with General Data Protection Regulation (GDPR) guidelines suffered the lowest number of security incidents. The regulation ensures that information protection is considered.

Additional Causes

Organizations running multicloud environments are over 50% more likely to suffer a cloud security incident than those running a single cloud.

Accidental exposure continues to plague organizations, with misconfigurations exploited in 66% of reported attacks. Misconfigurations drive the majority of incidents.

Additionally, one in three businesses report that cybercriminals gained access through stolen cloud provider account credentials. Despite this, only a quarter say managing access to cloud accounts is a top area of concern.

Data from Sophos Cloud Optix further reveals that 91% of accounts have overprivileged identity and access management roles, and 98% have multifactor authentication disabled on their cloud provider accounts.

“The most surprising finding for me was that only 2% of organizations are using multifactor authentication,” Shier said. “This simple feature, when enabled, can have an outsized impact on protecting against security incidents. The caveat is that for some cloud platforms, enabling certain multifactor authentication mechanisms are determined by your license. At the very least, if some form of multifactor authentication is offered, it should be enabled for all accounts.”

The biggest benefit to using MSSPs or cloud-specific security providers is in the expertise they bring to the table, Shier said.

“That can be through security products … or through deployment guidance, workload monitoring and platform management,” he said. “These things provide businesses with the visibility and management capabilities required to securely use the cloud. They help you with making the right decisions at build time, continuous monitoring and visibility throughout the working phase. And they can help when things go wrong.”