Cybercriminals are taking notice of increased reliance on the cloud and targeting cloud infrastructure more than before, a new study suggests.
According to new research from Centrify, in the last 12 months, the vast majority of cybercriminals are now after compromising privileged credentials and not trying to hack the IT systems.
For the study, the cybersecurity firm surveyed 150 senior executives in the IT sector across the US, found that 65% of respondents experienced attacks on their cloud infrastructure, and 80% of those attacks were successful.
During the pandemic, organizations around the world undertood the move to the cloud is a must. Cisco Systems predicted that cloud data center traffic would represent 95 percent of total data center traffic by 2021. As the reliability, availability, and scalability offered by the cloud have become critical for organizations, cybercriminals are trying to reap their profits from this.
While 63% of respondents made the move to cloud 3-5 years ago, 25% of respondents just began their cloud transition in the last two years.
Those new entrant aree facing security challenges due to slack of infrastructure and expertise.
According to the study, 31% rely on hybrid and multi-cloud environments, while 45% use only private clouds and 23% rely on public cloud.
Despite the prevalence of cyberattacks targeting the cloud, managing multi-cloud environments was identified as the greatest cloud transition challenge (36%). Cybersecurity risks and cloud migration were next challenges with both accounting for 22%.
According to new research from Centrify, 90% of cyberattacks on the cloud infrastructure in the last 12 months involved compromised privileged credentials.
“Cybercriminals are capitalizing on our reliance on the cloud, and they’re no longer just hacking in. They’re logging in,” said Art Gilliland, CEO of Centrify to HelpNetSecurity.
“With almost all of the attacks on the cloud caused by stolen privileged credentials, the security stack must include a centralized PAM solution architected in the cloud, for the cloud. This approach will minimize the attack surface and control privileged access to hybrid environments, even as it evolves post-COVID-19.”