Sophos’ State of Cloud Security 2020 reported that Asia-Pacific (APAC) topped the world in having the highest number of cyberattacks in 2019. India fared the worst with 93% of organizations being hit by an attack.
APAC recorded the highest regional rates of exposed data (35%), ransomware attacks (37%), and account compromise (33%) among the survey respondents.
“Ransomware is one of the most widely reported cybercrimes in the public cloud. Attackers are shifting their methods to target cloud environments that cripple necessary infrastructure and increase the likelihood of payment,” said Chester Wisniewski, principal research scientist, Sophos.
He noted that the rise in remote working provided extra motivation to disable cloud infrastructure that is being relied on more than ever, so it’s worrisome that many organizations still don’t understand their responsibility in securing cloud data and workloads.
Nearly all respondents in Asia-Pacific (97%) admit to concern about their current level of cloud security, an encouraging sign that it’s top of mind and important.
“Cloud security is a shared responsibility, and organizations need to carefully manage and monitor cloud environments in order to stay one step ahead of determined attackers,” he added.
By the numbers
Data leaks top the list of security concerns for nearly half of respondents (44%); identifying and responding to security incidents is a close second (43%). Only 25% view lack of staff expertise as a top concern.
Organizations running multi-cloud environments are greater than 50% more likely to suffer a cloud security incident than those running a single cloud.
Accidental exposure continues to plague organizations, with misconfigurations exploited in 60% of reported attacks in Asia-Pacific. Misconfigurations drive the majority of incidents and are all too common given cloud management complexities.
Additionally, 39% of organizations in the region report that cybercriminals gained access through stolen cloud provider account credentials. Despite this, only a quarter of organizations say managing access to cloud accounts is a top area of concern.
According to Sophos 91% of accounts globally have overprivileged identity and access management roles, and 98% have multi-factor authentication disabled on their cloud provider accounts.