Compromised cloud (opens in a new tab) Accounts cost organizations millions a year, according to a new report by cybersecurity company Proofpoint and IT security research organization Ponemon Institute.
Part of the problem is that many people do not know who is responsible for protecting this data. At the same time, criminals increasingly perceive the cloud as a treasure trove of sensitive data.
According to the report, the average cost of hacking cloud accounts has risen to $ 6.2 million in the last 12 months, adding that for the 600 IT and IT security professionals surveyed, account hijacking posed a “significant security risk”. The frequency and severity of these incidents has also increased over the past year.
In the past 12 months, companies have had an average of 64 cloud account breaches, and 30 percent have had sensitive data exposed. Criminals are mainly interested in Microsoft 365 and Google Workspace accounts and use various phishing techniques to obtain credentials.
Less than half of the survey respondents made it clear who is responsible for cloud maintenance (opens in a new tab) sensitive data is secure, and worse, about a third are ‘vigilant’ assessing cloud applications before implementing anything.
According to the report, strong authentication and adaptive access control should be essential to secure access to cloud resources. Today, many organizations support multiple identity federation standards and agree that adaptive access control is essential to protecting those most at risk.
“Moving to the cloud and increasing collaboration require a people-centric security strategy, backed by a cloud access broker (CASB) solution that is integrated into a larger cloud, email, and endpoint security portfolio,” said Tim Choi, vice president, CEO. product marketing. at Proofpoint.
“This approach effectively solves problems such as cloud account hacking, unauthorized access to cloud data and cloud application management. Organizations need clearly defined roles, established responsibilities and a CASB solution that can be deployed in hours, not weeks. ”