Priority for security must match cloud adoption

John Shier, senior security expert at Sophos.
John Shier, senior security expert at Sophos.
by
2 years ago

Sophos has published findings of a new survey, The Reality of SMB Cloud Security in 2022. The survey found that, among Infrastructure as a Service, IaaS users, 56% experienced an increase in the volume of attacks on their organisation when compared to the previous year, and 67% were hit by ransomware. In addition, 59% experienced an increase in complexity of attacks.

Annual Trend 2023

For many of these users, a lack of visibility into their infrastructure, unpatched vulnerabilities and resource misconfigurations make them susceptible to various types of attacks, including ransomware. Of those surveyed, only 37% track and detect resource misconfigurations and only 43% routinely scan IaaS resources for software vulnerabilities.

Unpatched vulnerabilities and misconfigured resources are both preventable mistakes and avoidable risks

What is more, 65% of cloud users reported not having visibility of all resources and their configurations, and only 33% said their organisation has the resources to continuously detect, investigate and remove threats in their IaaS infrastructure.

It is imperative that security is prioritised as organisations continue to adopt cloud services. This includes implementing traditional threat-based protections, as well as risk-based mitigations. Unpatched vulnerabilities and misconfigured resources are both preventable mistakes and avoidable risks that make life easier for attackers.

65% of cloud users reported not having visibility of resources and configurations

Most attackers are not unstoppable criminal masterminds, but rather opportunistic cyberthugs looking for an easy payday. However, the survey also found that more advanced IaaS users are twice as likely to report a decrease in attack impact than beginners, suggesting the appropriate defence mechanisms can go a long way in deterring threat actors.

Don't Miss

Chester Wisniewski, director, field CTO, Sophos

Most Educational Organizations Paid More Than the Original Ransom Demand, Says Sophos Survey

Sophos has published its annual sector survey report, , “The State of

Ransomware Groups Weaponize Stolen Data to Increase Pressure on Targets Who Refuse to Pay, Sophos Report Finds

Sophos has released a new dark web report titled “Turning the Screws: