The Biggest Cloud and Web Security Concerns Today
Published 09/24/2022
With the continuation of remote work and newsworthy cyber attacks, organizations are struggling to adapt their overall security strategies to the changing landscape. To get a better understanding of the industry’s current attitudes regarding cloud and web security risks, Proofpoint commissioned CSA to develop the Cloud and Web Security Challenges in 2022 survey report.
This blog will cover the survey’s findings about organizations’ top cloud and web security concerns. To dive further into the results of the survey, make sure to check out the full survey report here.
Most concerning methods of attacks
When asked what is the most concerning method of attack that may target their organization, no single type of attack appeared to be of greater concern to the survey respondents. This indicates that organizations try to be vigilant when it comes to a wide array of attacks, including lateral movement (26%), command and control (26%), credential access (25%), privilege escalation (24%), discovery (24%), and persistence attacks (24%).
Most concerning cloud applications targeted in attacks
The types of cloud applications that organizations are most concerned about being attacked are applications that provide greater access to data. These applications are also used or accessible to most employees within an organization. The top two types of applications that organizations are most concerned about are email (36%) and authentication platforms (36%). Also of significant concern were cloud applications that provide access to the organization’s data, storage, and file sharing (35%); customer relationship management (33%); and enterprise business intelligence (30%).
Most concerning outcomes of cloud and web attacks
The outcomes organizations are most concerned about are consistent with the types of cloud apps they see as vulnerable. The top concern is the loss of sensitive data (47%), which is likely due to the reputational, financial, and legal implications that may result from such a loss.
The other top concerns have to do with the systems themselves. This includes loss of system access (37%), speaking to the previous concerns about access, and system sabotage (37%), echoing concerns about malware and ransomware.
Level of concern regarding security when collaborating with suppliers and partners
Respondents are concerned about security when collaborating with suppliers and partners. 81% of organizations report that they are moderately or highly concerned about this issue. This is consistent with recent attacks on US infrastructure and open-source solutions.
Top security concerns from partners and suppliers
Similar to the concerns around cloud and web attack outcomes, the top security concern with partners and suppliers is data loss (48%). Regardless of the type of attack, it appears that data loss, particularly sensitive data loss, is top of mind for many organizations. Authentication abuse (43%) is the second most concerning risk. These results further support the conclusion that organizations are most concerned about preventing access to data and the loss of data.
Conclusion
The results of the survey’s questions about cloud and web security concerns show that data loss is a top concern for organizations. Attackers frequently attempt to target personal or sensitive data that can be used for their financial gain, resulting in the loss of intellectual property, reputational damage, legal liability, and regulatory fines for businesses. It’s time to start putting protections in place to mitigate these concerns.
Now check out Cloud and Web Security Challenges in 2022 to review the rest of our findings, including the makeup of organizations’ security teams, the use and effectiveness of solutions for protecting against cloud and web threats, and the current state of cloud governance.
Related Articles:
10 Fast Facts About Cybersecurity for Financial Services—And How ASPM Can Help
Published: 12/20/2024
Decoding the Volt Typhoon Attacks: In-Depth Analysis and Defense Strategies
Published: 12/17/2024
Threats in Transit: Cyberattacks Disrupting the Transportation Industry
Published: 12/17/2024
Achieving Cyber Resilience with Managed Detection and Response
Published: 12/13/2024