While cloud computing is helping organizations modernize their operations and be more agile, cloud technology is also introducing new threats, according to cybersecurity firm Sophos.
The U.K.-based cybersecurity service company published results of a recent survey of IT professionals at small and mid-size organizations, finding that 56% of infrastructure-as-a-service (IaaS) users saw an increase in the volume of attacks on their organization when compared to the previous year, and 67% were hit with ransomware.
In addition, Sophos’ survey found that nearly 60% say cloud-based attacks are becoming increasingly advanced.
According to Sophos, many of the nearly 5,000 IT professionals polled in the survey say a lack of visibility into their infrastructure, unpatched vulnerabilities and cloud misconfigurations leave them open to various attacks, including ransomware.
Of the IT pros surveyed, just 37% say they track and detect resource misconfigurations, and only 43% say they routinely scan their cloud infrastructure for software vulnerabilities.
Sophos also found that 65% of IT professionals don’t have visibility of all resources and their configurations, and just a third of respondents say they have the resources to continuously detect, investigate and remove threats in their IaaS infrastructure.
As organizations continue to adopt new services, security must be prioritized, says John Shier, senior security advisor at Sophos. This strategy should include both traditional threat-based protections and risk-based mitigations.
“Unpatched vulnerabilities and misconfigured resources are both preventable mistakes and avoidable risks that make life easier for attackers,” Shier says. “Most attackers are not unstoppable criminal masterminds, but rather opportunistic cyberthugs looking for an easy payday.”
The survey also found that more advanced IaaS users are twice as likely as beginners to report a decrease in attack impact, which Shier says suggests that the appropriate defense tools and configurations can help deter threat actors.
For users and organizations that need help, Shier recommends security services with around-the-clock experts to detect and respond to active attacks.