Cloud cyber attacks are maturing faster than expertise

Over half (53%) of organisations have experienced a cyberattack on their cloud infrastructure within the last 12 months, according to Netwrix’s global 2022 Cloud Security Report. 

As more businesses migrate their workload and data to the cloud, it means there are more opportunities for a breach or cyber attack. The report found that 80% of organisations that use the cloud store sensitive data there and 53% of respondents said security improvement was their main goal for cloud adoption.

"Attacks are maturing faster than the expertise, tools and processes defending against them. Organisations are implementing more security controls and spending more money to stay safe — 49% confirmed their cloud security budget increased in 2022. But more tools doesn't always mean more security. Point solutions from different vendors operate separately, offer overlapping or conflicting functionality, and require organisations to deal with multiple support teams. This complexity leads to security gaps. One way to solve this problem is to build a security architecture with a select, smaller group of trusted vendors that develop, offer, and support an extensive portfolio of solutions," said Dirk Schrader, VP of Security Research at Netwrix.

A lack of money and a lack of expertise is causing chaos in the cloud 

The report notes that the average detection time for most types of attacks has increased since 2020. 

The most significant slowdown was for supply chain compromise: In 2020, 76% of respondents spotted this type of attack within minutes or hours, but in 2022, only 47% found it that quickly. Ransomware became harder to uncover as well; 86% of organisations needed minutes or hours to detect ransomware in 2020, but in 2022, this share dropped to 74%.

Not only has the detection time increased, but also the cost of breaches has too. This year, 49% of respondents said that an attack led to unplanned expenses to fix security gaps, up from 28% in 2020. The share who faced compliance fines more than doubled (from 11% to 25%), as did the number who saw their company valuation drop (from 7% to 17%).

The top 3 data security challenges named by survey respondents stayed the same from 2020: lack of IT staff, lack of expertise in cloud environments and lack of budget. Money is still an issue for many organisations but the share of those who struggle with this problem dropped from 47% in 2020 to 34% in 2022.

"The report reveals that cloud adoption is in full swing: Organisations report that 41% of their workloads are already in the cloud, and they expect that share to increase to 54% by the end of 2023. IT teams are learning how to use the cloud both efficiently and securely as well as train their fellow colleagues similarly. It is time to pay closer attention to security measures that improve the ability to identify, protect against, detect, and respond to threats, in order to reduce both the likelihood and impact of a breach," adds Schrader.