New Data Pinpoints Top Security Risks for Companies to Address as Cloud Migration Accelerates
IBM Security has released new data examining the top challenges and threats impacting cloud security, indicating that the ease and speed at which new cloud tools can be deployed can also make it harder for security teams to control their usage. According to IBM survey data and case-study analysis, basic security oversight issues, including governance, vulnerabilities, and misconfigurations, remain the top risk factors organizations should address to help secure increasingly cloud-based operations. The case-study analysis of security incidents over the past year also sheds light on how cybercriminals are targeting cloud environments with customized malware, ransomware and more.
With businesses rapidly moving to cloud to accommodate remote workforce demands, understanding the unique security challenges posed by this transition is essential for managing risk. While the cloud enables many critical business and technology capabilities, ad-hoc adoption and management of cloud resources can also create complexity for IT and cybersecurity teams. According to IDC, more than a third of companies purchased 30+ types of cloud services from 16 different vendors in 2019 alone. IDC CloudPulse Summary Q119 This distributed landscape can lead to unclear ownership of security in the cloud, policy “blind spots” and potential for shadow IT to introduce vulnerabilities and misconfiguration.
In order to get a better picture of the new security reality as companies quickly adapt to hybrid, multi-cloud environments, IBM Institute for Business Value (IBV) and IBM X-Force Incident Response and Intelligence Services (IRIS) examined the unique challenges impacting security operations in the cloud, as well as top threats targeting cloud environments.
Top findings include:
- Complex Ownership: 66% of respondents surveyed IBM Institute for Value Survey of 930 senior business and IT professionals say they rely on cloud providers for baseline security; yet perception of security ownership by respondents varied greatly across specific cloud platforms and applications.2
- Cloud Applications Opening the Door: The most common path for cybercriminals to compromise cloud environments was via cloud-based applications, representing 45% of incidents in IBM X-Force IRIS cloud-related case studies. IBM X-Force IRIS: “Cloud Security Landscape Report” In these cases, cybercriminals took advantage of configuration errors as well as vulnerabilities within the applications, which often remained undetected due to employees standing up new cloud apps on their own, outside of approved channels.
- Amplifying Attacks: While data theft was the top impact of the cloud attacks studied3, hackers also targeted the cloud for cryptomining and ransomware4 – using cloud resources to amplify the effect of these attacks.