Cloud Threats and Priorities as We Head Into the Second Half of 2020
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
June 22, 2020
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltd0cc9fbd4caf00e3/64f0d3ef90b1dc22eafe5c30/1.jpeg?width=700&auto=webp&quality=80&disable=upscale)
The massive swing to working from home has accelerated already solid plans for enterprises' massive expansion to the cloud. This puts the pressure on CISOs and other security leaders to speed up efforts for addressing growing cloud-based threats and gaps in protection, visibility, and security team know-how.
Dark Reading recently pored through some of the most recent surveys and research on cloud threats and investment priorities to understand where the industry is headed for the rest of the year and what it all means when it comes to mitigating cloud risks.
According to a recent survey of US-based CISOs conducted by IDC on behalf of Ermetic, approximately 79% of organizations have experienced a cloud breach in the past 18 months. The most-hit industries were banking and healthcare. Meanwhile, incidents were most prevalent at midsize businesses.
Many cloud breaches are far from one-off incidents. The IDC study found 72% of impacted organizations experienced five or more breaches, and 43% reported they'd been hit 10 or more times in the past 18 months.
As more organizations use the flexibility of the cloud to host their nonrelational databases, the attack surface of cloud data is growing. Recent studies by Comparitech security researchers found that threat actors are well aware of the vulnerabilities and are primed to pounce on unsecured instances very quickly. After researchers set up a honeypot consisting of a publicly exposed Elasticsearch instance with fake user data, the bad guys attacked it 175 different times over the course of 11 days, for an average of 18 attacks per day. The first attack came just eight hours after the researchers set out the honeypot.
Some of the biggest cloud security challenges uncovered by the IDC study of CISO perceptions had to do with configurations, monitoring, and access controls. The study showed 67% of organizations cited security misconfiguration of production cloud environments as a top threat, 64% cited a lack of visibility into live cloud environments as a top threat, and 61% cited identity-access management and permission configurations as a big risk. The challenges in meeting these threats varied by industry. For example, government struggles most with getting visibility into unstructured data, while banking struggles to establish least-privilege access to cloud data.
According to a recent survey of security decision makers by Attivo, the No. 1 priority needing attention in enterprise security is cloud security and risk management. In spite of temporary spending halts due to the pandemic, many organizations are on track for increased security budgets, and cloud security is at the top of the technology investment wish list, above automation, deception, and security analytics.
In its annual spending survey released earlier this year, the SANS Institute found increased use of public cloud infrastructure-as-a-service (IaaS) and hybrid cloud are the biggest disruptors to the security roadmap today. SANS detailed the specific areas that various security stakeholders have prioritized for cloud security investment. At the top of the list were cloud security monitoring, cloud access security broker (CASB) technology, staff skills training, and strong authentication.
A recent study by Fortinet shows that organizations are hard-hit by the cybersecurity skills shortage across numerous roles and skills. According to the survey, over three in four security leaders agree the skills shortage increases risks to their organizations. Cloud security architect is the most difficult role to fill, according to this survey, beating out SOC specialist, security admin, DevSecOps specialist, and others.