New research shows an average annual financial loss for companies due to compromised cloud accounts is over $500,000.
Proofpoint and the Ponemon Institute surveyed 600 IT and security professionals in the U.S. and published their findings. The researchers note that 68% of the surveyed organizations said cloud account takeovers were a significant security risk for them and over 50% of them noticed the severity and frequency of cloud account compromises increased in the past year.
“This research illustrates that leaving SaaS security in the hands of end-users or lines-of-business can be quite costly,” said Larry Ponemon, chairman and founder of Ponemon Institute. “Cloud account compromises and sensitive information loss can also disrupt business and damage brand reputation.”
Survey also determined that there are 64 cloud account compromises per year on average, and 30% of them expose sensitive data. At least 50% of respondents said the most frequent method attackers obtain cloud credentials was phishing. As much as 75% noted serious security risks that come with the use of improperly vetted cloud apps and services as shadow IT.
Researchers interviewed Tim Bach, vice president of engineering at AppOmni, who said that, just like organizations, security teams aren’t immune from the risks related to the shift to the cloud that took place during the pandemic. Bach said most security teams are shifting to a more distributed approach.
“The core security challenges of a move to the cloud are the same for security teams as they are for the businesses they are securing,” Bach said. “More data and workloads in the cloud means additional systems with sensitive data to secure. Most notably, over the past 12-18 months, we’ve continued to see danger in the proliferation of third-party cloud-to-cloud connections and over-provisioned users and applications.”