As the adoption of public cloud service providers like Amazon Web Services and Microsoft Azure continues to grow, a shockingly large number of organizations are experiencing a host of cybersecurity incidents as they migrate work functions to public clouds.
According to the ‘State of Cloud Security 2020’ survey from cybersecurity specialist Sophos released in July, 70% of over 3,200 organizations surveyed experienced a public cloud security incident in the last year.
Half of respondents reported ransomware/malware attacks, 29% reported exposed data, 25% reported compromised accounts, and 17% reported cryptojacking incidents in which hackers use computer resources to perform the computations required to mine bitcoin or other cryptocurrencies.
Cybersecurity incidents on the rise in multi-cloud environments
Organizations running multi-cloud environments were 50% more likely to report a cloud security incident than those running a single cloud.
This is especially concerning since it is increasingly common for organizations to choose different public cloud options for different workloads; those options can include AWS, Azure, Google Cloud Platform, Alibaba Cloud, or even VMWare Cloud (on AWS) or Oracle.
Some small bit of good news perhaps in the Sophos study: GDPR regulations may be working. European organizations reported among the lowest percentage of cloud security incidents – including 61% of respondents in Germany and the UK, 57% in Spain, 47% in Poland, and 45% in Italy.
Those percentages are still quite high, of course, but low when compared to the global average of 70% and well below the 93% of respondents from India reporting cyberattacks.
Growing importance of cloud security
Another sign of hope is that 96% of respondents acknowledged the growing importance of cloud security. That’s good, because the hackers are getting more sophisticated every day.
Case in point: in its companion ‘2020 Threat Report,’ Sophos reported evidence that malicious actors are now learning how to attack machine learning malware detection models that are increasingly considered the foundation of any robust cybersecurity program.
The combination of new public cloud vulnerabilities and the prospect of vulnerabilities in emerging data science security methodologies, means Sophos and other cybersecurity vendors will have their hands full in order to stay ahead of the bad guys.