Gaps in cloud security top driver of cyberattacks

Visitors walk by a cloud sign at a technology trade fair on March 21, 2017, in Hanover, Germany. S3 buckets have become a security time bomb, said one expert. (Alexander Koerner/Getty Images)

Research released by Veritas Technologies on Tuesday found that cloud technology (56%) and security (51%) are the two most commonly reported gaps that now exist in company IT strategies that leave them vulnerable to cyberattacks.

Organizations with at least one gap in their technology strategy have experienced around five times more ransomware attacks leading to downtime in the last year than those with no gaps, according to Veritas. The average organization has experienced 2.57 ransomware attacks that led to downtime in the last 12 months, with 14% having been hit five times or more. A full 88% of companies have experienced downtime in the last 12 months.

The research, based on a survey of 2,000 global IT leaders whose organizations have undertaken digital transformation during the pandemic, also found that organizations would have to spend $2.47 million to close gaps in their technology strategy within the next 12 months.

Ransomware has become one of the top threats all organizations face today and a threat that can quickly bring an organization to a complete stop, said Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify. Carson said it’s important not only to have an incident response plan in place, but also to be incident-ready, meaning that companies must practice and test a response plan.

Over the past year, many organizations accelerated their digital migration to cloud services to stay productive while employees converted to working remotely, Carson added. This major migration meant many organizations have simply moved the same security controls used on-premises and adapted them to their cloud environment.

“This has seriously increased risks and exposure for those organizations,” Carson said. “As organizations migrate to cloud services, they must prioritize a new security strategy that takes advantage of cloud assets. This means identity has become the new security perimeter and privileged access has become the new security control along with a strong zero-trust mindset that continuously verifies authentication and authorization requests.”  

Douglas Murray, CEO at Valtix, said unfortunately, most organizations are dealing with a ticking time bomb of security concerns and technical debt built up over years of fragmented cloud efforts. Murray said multi-cloud deployments make matters worse, leaving many organizations trying to play catch-up while also dealing with the complexity of mastering cloud security – which is fundamentally different than on-premises security. 

“The good news is that it inevitably always comes back to the best practices of defense-in-depth and ensuring that the right security controls and policy are deployed against every cloud workload,” Murray said. “There are a variety of technologies that can help reduce ransomware risk in the cloud, including network-based intrusion prevention, antivirus, and the segmentation of workloads. By taking a cloud-first approach to these problems, security leaders can set the stage for the future through a cloud-native, multi-cloud security architecture.”

Trends identified in the research have been picking up momentum over the last couple of years, given the industry's “work-from-home” needs, said Robert Boudreaux, Field CTO at Deep Instinct. In organizations today, Boudreaux said there’s a blending of business continuity with security as it relates to work-from-home or cloud adoption. More and more applications are not housed in local data centers with local backup and access solutions, but rather in cloud data centers with cloud scalability and automation requirements.

“With this shift, security teams need to adopt their security policies, audit capabilities, and review structures,” Boudreaux said. “Most companies very clearly adopt either a zero-trust or business continuity approach, which have different levels of security and outcomes for end users. But an even better approach would be to regularly review the needs of the organization (internally and externally) and the current security policy and determine how it maps to the current threat landscape and regular training and testing of the internal employees on the effectiveness of this approach to security.”
