Press Release: 37% of organisations have suffered a cyberattack on cloud environments due to the lack of basic cloud security hygiene

New study reveals 42 percent of organisations are concerned about cloud security but many fail to carry out any security testing on the environment.

London, UK – August 22, 2019 – With the recent exposure of a huge data breach affecting US bank Capital One, cloud security has once again been put under the spotlight. However, a recent survey from Outpost24 has revealed that many companies today would be unable to detect abnormalities in their cloud environment, while 37 percent have already experienced a cyberattack on their cloud systems. As more organisations embrace digital transformation and migrate to the cloud – the results of the survey highlight the lack of security hygiene when it comes to cloud environments.

The study, which was carried out at Infosecurity Europe in June 2019, studied the attitudes of 300 security professionals and also revealed that over a quarter (27 percent) of organisations do not know how quickly they could tell if their cloud data had been compromised, while 11 percent said a compromise on their on-premise data would be much quicker to detect, indicating some organisations are still relying solely on cloud service providers to protect their cloud data.  

Other survey findings revealed that 42 percent of security professionals believe their on-premise data is more secure than their cloud hosted data, while 19 percent of organisations only carry out security testing on their cloud environment annually and a staggering 11 percent never run any security testing at all.

“The cloud offers organisations huge benefits in terms of cost savings and scalability, however security in these environment should never be overlooked,” said Bob Egner, VP at Outpost24. “Organisations should treat their cloud assets just as they would their on-premise assets and apply all the same security principles of vulnerability and application security assessment, plus checks for cloud misconfigurations and security posture. It is extremely important to understand the shared responsibility model and what cloud service providers such as Amazon Web Services (AWS) and Microsoft Azure can and cannot offer in terms of security, as ultimately the responsibility of protecting your data and cloud workloads lies with you, the organisations using the cloud services.”

The study also asked respondents about how many of their products and applications are running in the cloud and 34 percent said more than half, while 15 percent said all their assets were running in the cloud.

“Our survey clearly shows that many organisations today are heavily reliant on the cloud, and often multi-cloud, which makes it difficult to apply and homogenise the correct security controls across multiple cloud service providers. Security testing should be continuous across the entire technology stack, including the cloud. Running automated and continuous testing is the best way to identify if cloud data is being accessed by anyone maliciously and to help spot any misconfigurations in real-time which could put the data at risk,” continued Egner.

Notes to editor:

This survey was carried out in June 2019 at the Infosecurity Europe Conference in London and studied the attitudes of 300 security professionals.

About Outpost24

The Outpost24 group helps organizations limit their digital exposure with a complete range of cyber risk management solutions. Outpost24’s cloud platform unifies asset inventory, automates security assessments, and quantifies risk in business context. Executives and security teams around the world trust Outpost24 to prioritize the most important security issues across their entire IT infrastructure for accelerated risk reduction. Founded in 2001, Outpost24 is headquartered in Sweden, with additional offices in the US, the UK, the Netherlands, Belgium, Denmark, France, and Spain.