As cybercriminals continue to take advantage of the public cloud in their attacks, Sophos commissioned an independent survey of 3,521 IT managers across 26 countries* to reveal the reality of cloud security in 2020.
The 2020 cloud security reality
The survey provides fresh new insight into the cybersecurity experiences of organizations using the public cloud, including:
- Almost three-quarters of organizations hosting data or workloads in the public cloud experienced a security incident in the last year. Seventy percent of organizations reported they were hit by malware, ransomware, data theft, account compromise attempts, or cryptojacking in the last year.
- Data loss/leakage is the number one concern for organizations. Data loss and leakage topped our list as the biggest security concern, with 44% of organizations seeing data loss as one of their top three focus areas.
- Ninety-six percent of organizations are concerned about their current level of cloud security. Data loss, detection and response, and multi-cloud management top the list of the biggest concerns among organizations.
- Multi-cloud organizations reported more security incidents in the last 12 months. Seventy-three percent of the organizations surveyed were using two or more public cloud providers and reported more security incidents as those using a single platform.
- European organizations may have the General Data Protection Regulation (GDPR) to thank for the lowest attack rates of all regions. The GDPR guidelines’ focus on data protection, and well-publicized ransomware attacks have likely led to these lucrative targets becoming harder for cybercriminals to compromise in Europe.
- Only one in four organizations see lack of staff expertise as a top concern despite the number of cyberattacks reported in the survey. When it comes to hardening security postures in the cloud, the skills needed to create good designs, develop clear use cases, and leverage third-party services for platform tools are crucial but underappreciated.
- Two-thirds of organizations leave back doors open to attackers. Security gaps in misconfigurations were exploited in 66% of attacks, while 33% of attacks used stolen credentials to get into cloud provider accounts.
Secure the cloud with Sophos
However you’re using the public cloud, Sophos can help you keep it secure.
- Secure all your cloud resources. Get a complete inventory of multi-cloud environments (virtual machines, storage, containers, IAM Users etc.). Reveal insecure deployments, suspicious access, and sudden spikes in cloud spend.
- Secure your cloud workloads. Protect virtual machines, the virtual desktops running on those machines from the latest threats, including ransomware, fileless attacks, and server-specific malware.
- Protect the network edge. Secure inbound and outbound traffic to your virtual network, virtual desktop environments, and provides secure remote access to private applications running in the cloud.