>
Cloud-based cyber-attacks have increased by nearly half (48%) over the course of 2022 compared to the previous year, according to new figures from Check Point Research (CPR).
The company’s analysis found that as companies accelerate their digital transformation efforts, they are increasingly leveraging the cloud, making it an attractive target for cybercriminals.
In addition, companies tend to keep more sensitive data in the cloud (opens in new tab) than on-premise today, which is another key argument for why the technology is in the crosshairs of threat actors.
Main goal
The largest increase in attacks was seen in Asia (over 60%), followed by Europe (50%+) and North America (28%+).
Unlike on-premises attacks, where attackers typically exploit somewhat older vulnerabilities, cloud-based attacks are often used by hackers to hunt for newer flaws, usually vulnerabilities discovered between 2020 and 2022.
Usually, these cyber incidents lead to data loss and ransomware attacks.
“The enterprise attack surface has expanded rapidly in a short period of time,” said Omer Dembinsky, Data Group Manager at Check Point Software. “Digital transformations and remote working due to the Covid pandemic have accelerated the move to the cloud. Hackers soon follow. These organizations face the challenge of securing a distributed workforce, while at the same time facing a shortage of trained security personnel. Data loss, malware and ransomware attacks are among the biggest threats facing organizations in the cloud. Cloud applications and services are a prime target for hackers because misconfigured services and recent CVEs expose them to the Internet and make them vulnerable to simple cyber-attacks.”
To keep their cloud environment secure, CPR recommends that companies regularly back up cloud data, set up audit access for third-party apps, use multi-factor authentication where possible, use logically isolated networks and micro-segments, and protect mission-critical resources and apps in logically isolated parts of the cloud network (think of Virtual Private Clouds or vNET).
Finally, companies need to “move security to the left” by incorporating security and compliance protection early in the development lifecycle.