The average cost of cloud account compromises reached $6.2 million (£4.5m) over a 12-month period according to more than 600 IT and IT security professionals in the US.
This finding is the most revealing of many from a new report on ‘The Cost of Cloud Compromise and Shadow IT’ released by Proofpoint, a cybersecurity and compliance company, and the Ponemon Institute, an IT security research organisation.
Of the respondents, 68% believe cloud account takeovers present a significant security risk to their organisations, with more than half noting an increase in the severity and frequency of compromises within the last 12 months.
Microsoft 365 and Google Workspace accounts are the most heavily targeted, usually by brute force or phishing-based attacks. Over the 12-month period, organisations experience an annual average of 138 hours of application downtime.
Perhaps more worryingly, only 44% of survey respondents believe their organisations have established clearly defined roles and levels of accountability for safeguarding confidential cloud data. Furthermore, fewer than 40% of respondents say their organisations are vigilant in conducting cloud app assessments before deployment.
Reflecting on the report’s findings, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said: “This research illustrates that leaving SaaS security in the hands of end-users or lines of business can be quite costly.”
“Cloud account compromises and sensitive information loss can disrupt business, damage brand reputation, and cost organizations millions annually,” he added.
Another key finding of the report focused on shadow IT – the use of cloud applications and services without the approval or knowledge of IT – and its impacts. 75% of respondents say the use of cloud apps without IT approval is a serious security risk and yet only 40% believe their organisations know all the cloud platforms that their users are engaged with.
Considering an average of 42% of corporate data is stored in the cloud, the need for further investment in expertise and technologies, as well as user training, seems evident.
Tim Choi, VP of product marketing for Proofpoint, said: “SaaS security cannot be an afterthought given the high cost of cloud account compromise. The move to the cloud and increased collaboration requires a people-centric security strategy backed by a cloud access security broker (CASB) solution that is integrated with a larger cloud, email, and endpoint security portfolio.”
Want to find out more about topics like this from industry thought leaders? The Cloud Transformation Congress, taking place on 13 July 2021, is a virtual event and conference focusing on how to enable digital transformation with the power of cloud.