Cloud adoption is in “full swing” but so are cyber attacks on cloud infrastructure, a new report by cloud data security provider Netwrix said.
For example, organizations in the study said that 41% of their workloads are already in the cloud, and they expect that share to increase to 54% by the end of 2023. Meanwhile, 53% of organizations experienced a cyberattack on their cloud infrastructure within the last 12 months. Phishing was the most common type of attack, experienced by 73% of respondents.
As might be expected the average detection time for most types of attacks has increased since 2020 with the most notable slowdown for supply chain compromise. In 2020, 76% of respondents spotted this type of attack within minutes or hours, but in 2022, only 47% found it that quickly. Ransomware became harder to uncover as well. Some 86% of organizations needed minutes or hours to detect ransomware in 2020, but in 2022, this share dropped to 74%.
In addition, breaches have become costlier. This year, 49% of respondents said that an attack led to unplanned expenses to fix security gaps, up from 28% in 2020. The share who faced compliance fines more than doubled (from 11% to 25%), as did the number who saw their company valuation drop (from 7% to 17%).
Other survey findings include:
- 80% of organizations that use the cloud store sensitive data there.
- More than half (53%) of respondents said security improvement was their main goal for cloud adoption.
- The majority of respondents who classify their data were able to detect an attack within minutes, while those who don’t classify data usually needed hours or even days.
- Auditing of user activity is particularly effective for phishing, ransomware attacks and account compromise, where it reduced detection time from hours to minutes.
- The top 3 data security challenges named by survey respondents stayed the same from 2020: lack of IT staff, lack of expertise in cloud environments and lack of budget. Money is still an issue for many organizations but the share of those who struggle with this problem dropped from 47% in 2020 to 34% in 2022.
MSSPs Embrace Cloud Security Posture Management (CSPM) for AWS, Azure and Google Cloud
Amid that backdrop, demand for Cloud Security Posture Management (CSPM) tools is surging. Indeed, CSPM spending expected to more than double from $4.2 billion in 2022 to $8.6 billion by 2027 at a CAGR (compound announce growth rate) of 15.3%, a MarketsAnd Markets research report said.
CSPM tools allow managed security services providers (MSSPs) and end-customers to monitor and properly configure Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and other public cloud workloads. Misconfiguration affects organizations of all sizes and can result in significant financial losses.
The segment is one of the fastest growing cybersecurity services and solutions offered by MSSPs with the services component’s growth expected to exceed that of the entire market, according to a report by MarketsandMarkets. In fact, more than 40 percent of MSSP Alert’s TOP 250 MSSP for 2021 survey participants offer CSPM to the end user customers.
Additional insights from Joe Panettieri.