IBM Security has released new data examining the top challenges and threats impacting cloud security, indicating that the ease and speed at which new cloud tools can be deployed can also make it harder for security teams to control their usage. According to IBM survey data and case-study analysis, basic security oversight issues, including governance, vulnerabilities, and misconfigurations, remain the top risk factors organizations should address to help secure increasingly cloud-based operations. The case-study analysis of security incidents over the past year also sheds light on how cybercriminals are targeting cloud environments with customized malware, ransomware and more.
Nearly 60% of enterprises expect to increase their cloud usage plans due to COVID-19. While the cloud is essential for today’s new business reality, rapid and ad-hoc adoption of new cloud resources can also open doors for cybercriminals. In order to help companies adapt and prioritize their security strategies for this shift, IBM examined the top organisational challenges and external threats impacting security in the cloud – based on survey data from IBM Institute for Business Value, as well as an analysis of incident response cases from IBM X-Force IRIS. A few of the findings include:
- Complex Ownership: 66% of respondents surveyed say they rely on cloud providers for baseline security; yet perception of security ownership varied greatly across specific cloud platforms and applications, creating potential gaps in policies and security oversight.
- Cloud Applications Opening the Door: Cybercriminals view cloud-based applications as a cracked door into cloud environments. 45% of cloud security incidents analysed in IBM X-Force response cases involved compromising cloud environments via cloud-based applications, often through configuration errors and vulnerabilities introduced by employees standing up new apps outside of approved channels.
- Amplifying Attacks: While data theft was the top impact of attacks in the cloud, hackers are also targeting the cloud for cryptomining and ransomware – using cloud resources to scale these attacks.
Access the report-Cloud Threat Landscape Report 2020