Organizations Struggle to Fend Off Cloud and Web Attacks

  • Many organizations are struggling to adequately protect the cloud environments implemented during the pandemic and adapt their comprehensive cybersecurity strategy to evolving threats.

    The data comes from a joint research report by the Cloud Security Alliance (CSA) and Proofpoint, which queried more than 950 IT and security professionals at organizations of different sizes and in various locations across the Americas, EMEA and APAC.

    Dubbed the “Cloud and Web Attacks” study, the report suggests that while many companies substantially accelerated their digital transformation to adapt to a remote workforce during the pandemic, the speed of the transition presented unintended consequences, mainly due to the large-scale structural changes required.

    “One of those challenges is developing a cohesive approach to cloud and web threats while managing legacy and on-premises security infrastructure,” read the paper.

    “Hacking opportunities increased when employees were suddenly exported from their desks at work to their home offices.”

    Fast forward to the present day, Proofpoint said risks and threats through the supply chain continue to increase as organizations migrate to the cloud and increasingly rely on third parties and partners.

    Reflecting this trend, 81% of responding organizations said they were moderately to highly concerned about risks surrounding suppliers and partners.

    Further, almost half (48%) of respondents specifically cited their concern about supply chain attacks or data loss through the supply chain. A significant 58% of organizations also indicated that third parties and suppliers were the targets of cloud-based breaches in 2021.

    In terms of primary cloud and web security objectives for 2022, 43% of organizations cited protecting customer data, while 41% mentioned automating cloud and web threat prevention solutions as their number one priority.

    The Proofpoint study also analyzed the perception of responders in relation to the main vulnerability point in cloud and web applications.

    While 47% of those surveyed blame dealing with legacy systems as their number one security problem, more of them (49%) agreed that the main source of risks to security are still users of the enterprise IT systems. To protect themselves against cloud and web threats, organizations say they most commonly use security awareness training.

    The full text of the Cloud and Web Security Challenges in 2022 report is available here.