Cloud-based cyberattacks have increased by almost half (48%) over the course of 2022 compared to the previous year, new figures from Check Point Research (CPR) have shown.
The company’s analysis determined that as businesses accelerate their digital transformation efforts, they’re increasingly utilizing the cloud, making it an attractive target for cybercriminals.
What’s more, businesses tend to keep more sensitive data in the cloud than on-premise these days, which is another key argument for the technology getting in threat actors’ crosshairs.
Prime target
The largest increase in attacks was observed in Asia (more than 60%), with Europe (50%+) and North America (28%+) following suit.
Unlike on-premise attacks, in which threat actors usually leverage somewhat older vulnerabilities, for cloud-based attacks, hackers are often pursuing newer flaws, mostly vulnerabilities discovered between 2020 and 2022.
Usually, these cyber-incidents result in data loss and ransomware attacks.
“Enterprise attack surfaces have fast-expanded in a short amount of time,” commented Omer Dembinsky, Data Group Manager at Check Point Software. “Digital transformations and remote work due to the Covid pandemic have accelerated the move to the cloud. Hackers are quickly following. These organizations have been challenged to secure distributed workforce, while at the same time, are dealing with a shortage of skilled security staff. Data loss, malware and ransomware attacks are among the top threats that organizations face in the cloud. Cloud applications and services are a prime target for hackers because misconfigured services and recent CVEs are leaving them exposed to the internet and vulnerable to simple cyberattacks.”
To keep their cloud premises secure, CPR recommends businesses backup cloud data frequently, set up control access for third-party apps, use multi-factor authentication whenever possible, use logically isolated networks and micro-segments and deploy business-critical resources and apps in logically isolated sections of the cloud network (think Virtual Private Clouds or vNET).
Finally, businesses should “shift the security left”, by incorporating security and compliance protection early into the development lifecycle.
- Here’s our list of the best endpoint protection services right now