More than half (53%) of organizations experienced a cyberattack on their cloud infrastructure within the past 12 months, according to a new survey by Netwrix, a cybersecurity vendor. 

Phishing was the most common type of attack, experienced by 73% of respondents, Netwrix cites in its global 2022 Cloud Security Report.  

The report notes that the average detection time for most types of attacks has increased since 2020. The most significant slowdown was for supply chain compromise: In 2020, 76% of respondents spotted this type of attack within minutes or hours, but in 2022, only 47% found it that quickly.  

Ransomware became harder to uncover as well; 86% of organizations needed minutes or hours to detect ransomware in 2020, but in 2022, this share dropped to 74%. 

“Attacks are maturing faster than the expertise, tools and processes defending against them. Organizations are implementing more security controls and spending more money to stay safe — 49% confirmed their cloud security budget increased in 2022,” said Dirk Schrader, vice president of security research at Netwrix.

Yes, more tools doesn’t always mean more security, Schrader adds. “Point solutions from different vendors operate separately, offer overlapping or conflicting functionality, and require organizations to deal with multiple support teams,” he says. “This complexity leads to security gaps. One way to solve this problem is to build a security architecture with a select, smaller group of trusted vendors that develop, offer, and support an extensive portfolio of solutions.”

Breaches Are Getting Costlier

In addition, the report finds that breaches are getting costlier. This year, 49% of respondents said that an attack led to unplanned expenses to fix security gaps, up from 28% in 2020. The share who faced compliance fines more than doubled (from 11% to 25%), as did the number who saw their company valuation drop (from 7% to 17%).

The top three data security challenges named by survey respondents stayed the same from 2020: lack of IT staff, lack of expertise in cloud environments and lack of budget. Money is still an issue for many organizations, but the share of those who struggle with this problem dropped from 47% in 2020 to 34% in 2022.

Other survey findings include:

  • 80% of organizations that use the cloud store sensitive data there.
  • More than half (53%) of respondents said security improvement was their main goal for cloud adoption.
  • The majority of respondents who classify their data were able to detect an attack within minutes, while those who don’t classify data usually needed hours or even days.
  • Auditing of user activity is particularly effective for phishing, ransomware attacks and account compromise, where it reduced detection time from hours to minutes. 
“The report reveals that cloud adoption is in full swing: Organizations report that 41% of their workloads are already in the cloud, and they expect that share to increase to 54% by the end of 2023. IT teams are learning how to use the cloud both efficiently and securely as well as train their fellow colleagues similarly. It is time to pay closer attention to security measures that improve the ability to identify, protect against, detect, and respond to threats, in order to reduce both the likelihood and impact of a breach,” adds Schrader.