- 70% of companies using big cloud computing vendors were hacked or exposed data last year, according to a new survey of more than 3,200 IT managers by UK cybersecurity company Sophos.
- 98% of companies have not turned on multi-factor authentication for their cloud accounts, the survey found, a stat researchers called “staggering.”
- The companies also often misconfigured their accounts with Microsoft, Amazon, and other big cloud providers, Sophos found.
- An increase in remote work makes cloud security more important, “so it’s worrisome that many organizations still don’t understand their responsibility,” the company said.
- Sophos recommends organizations assume their cloud assets will be hacked and continually monitor them.
A new survey of 3,200 IT managers found that 70% of companies storing data with Microsoft, Amazon and other big cloud vendors were hacked or leaked data last year – often because of basic security lapses.
In one alarming data point, the survey shows 98% of companies failed to enable multi-factor authentication on cloud accounts holding massive sets of sensitive data, a simple security step many consumers take with their own email and social media accounts.
The survey, conducted by the English cybersecurity company Sophos, found that simple security actions could safeguard sensitive company data, preventing data theft and ransomware.
“It is staggering,” said John Shier, a senior security expert at Sophos who worked on the report. “In many cases if all you do is turn on multi-factor authentication, a lot of attackers won’t bother. That one step takes a major chunk out of your security vulnerabilities.”
Sophos commissioned research specialist Vanson Bourne to survey 3,521 IT managers currently hosting data and workloads using at least one of the following providers: Azure, Oracle Cloud, AWS, VMware Cloud on AWS, and Alibaba Cloud. In addition, they may also have used Google Cloud and IBM Cloud. Sophos had no role in the selection of respondents and all responses were provided anonymously. The survey was conducted during January and February of this year.
‘A harbinger of bad things to come’
Cloud computing, which allows remote users easier access to company data, has been adopted much faster since the onset of the COVID-19 pandemic, Shier said. That means some security steps may have been skipped, and the report’s findings are “a harbinger of bad things to come,” he said.
Cloud providers like Amazon Web Services, Microsoft Azure, and Google Cloud have historically left the security of the data stored on their platforms up to the user. Failing to properly configure that security can have dire consequences: Last year’s high-profile Capital One cloud breach was apparently enabled by a “firewall misconfiguration” in a server hosted on AWS.
To that point, Sophos found that two-thirds of the attacks stemmed from misconfigured cloud resources, allowing attackers to exploit weaknesses.
Shier notes that the big companies have done more to help their customers secure data: Microsoft Azure now makes it fairly difficult to connect cloud data to the internet without implementing security measures. “After just a massive amount of abuse, and not only abuse but just accidental disclosure of information, Amazon has also started tightening those restrictions,” Shier said, referring to hackers abusing the system. Amazon did not immediately reply to a request for comment.
But he suggests that the providers could still be doing more to help customers avoid the most common security mistakes. The prime example is multi-factor authentication, which many consumers use by getting a text from email or social media companies asking them to verify their identities when they log in. The same step could be taken by companies accessing their cloud-based data, but almost all companies have failed to simply turn the feature on.
“Maybe it’s not required,” Shier said. “It should be. You need the force of law.”
Assume you will be hacked
Sophos recommends organizations assume their cloud assets will be hacked, concentrate on protecting data wherever it is stored rather than keeping attackers out of a perimeter, and continually monitor cloud assets.
Another key concern of The State of Cloud Security 2020 is ransomware, the high-profile crime that locks up companies’ data and shuts down operations while demanding payment. Ransomware gangs have recently extended their operations by releasing and even auctioning stolen data as their victims are forced to choose between paying for dubious solutions that may not work, or defying attackers who debilitate their businesses. Ransomware is one of the most widely reported cybercrimes in the public cloud, researchers found.
Half the security incidents studied by Sophos included ransomware and other malware, 29% involved exposed data, 25% involved compromised accounts, and 17% involved cryptojacking, with some of the incidents including overlapping issues.
Europeans experienced the lowest percentage of security incidents in the cloud, which Sophos said is an indicator that compliance with General Data Protection Regulation (GDPR) guidelines is helping to protect organizations from being compromised. India, on the other hand, fared the worst, with 93% of organizations being hit by an attack in the last year.