Nearly three quarters (70 per cent) of organisations experienced a public cloud security incident in the last year – including ransomware and other malware (50 per cent), exposed data (29 per cent), compromised accounts (25 per cent) and crypto-jacking (17 per cent).

The latest State of Cloud Security annual survey from Sophos revealed that running multi-cloud environments are twice as likely to suffer a cloud security incident than those running a single cloud.

The research was conducted by Vanson Bourne among more than 3,500 IT managers across 26 countries in Europe, the Americas, Asia Pacific, the Middle East and Africa, which currently host data and workloads in the public cloud.

Europeans suffered the lowest percentage of security incidents in the cloud, an indicator that compliance with General Data Protection Regulation guidelines is helping to protect organisations from being compromised.

Accidental exposure continues to be a problem for companies, with misconfigurations exploited in 66 per cent of reported attacks.

Additionally, a third of organisations reported that cyber criminals gained access through stolen cloud provider account credentials. Despite this, only a quarter of those surveyed said that managing access to cloud accounts was a top area of concern.

Data from Sophos Cloud Optix, a cloud security posture management tool, showed that 91 per cent of accounts have overprivileged identity and access management roles, and 98 per cent have multi-factor authentication disabled on their cloud provider accounts.

Nearly all respondents (96 per cent) admitted to concerns about their current level of cloud security. Data leaks topped the list of security concerns for nearly half of respondents (44 per cent), with identifying and responding to security incidents coming a close second (41 per cent).

Chester Wisniewski, principal research scientist at Sophos, commented: “The recent increase in remote working provides extra motivation to ​disable cloud infrastructure that is being relied on more than ever, so it’s worrisome that many organisations still don’t understand their responsibility in securing cloud data and workloads.

"Cloud security is a shared responsibility, and organisations need to carefully manage and monitor cloud environments in order to stay one step ahead of determined attackers.”

Share Story: