Cloud-based cyberattacks increased by nearly half (48%) over the course of 2022 compared to the previous year, according to new numbers from Check Point Research (CPR).
The company’s analysis determined that as companies accelerate their digital transformation efforts, they are increasingly using the cloud, making them an attractive target for cybercriminals.
Moreover, companies tend to keep more sensitive data in the cloud (Opens in a new tab) From within the company these days, another major argument for technology getting in the crosshairs of threats.
The main objective
The largest increase in attacks was seen in Asia (over 60%), and Europe (50%+) and North America (28%+) followed suit.
Unlike on-premise attacks, in which actors usually take advantage of fairly old vulnerabilities, for cloud-based attacks hackers often go after new flaws, most of which were discovered between 2020 and 2022.
These cyber incidents usually lead to data loss and ransomware attacks.
“Enterprise attack surfaces have expanded rapidly in a short period of time,” commented Omar Dembinsky, Director of Data Group at Check Point Software. “Digital shifts and remote working due to the Covid pandemic have accelerated the transition to the cloud. Hackers are following fast. These organizations have been challenged to secure their distributed workforce, while at the same time, dealing with a shortage of skilled security personnel. Data loss attacks, malware and malware “Ransomware is among the top threats organizations face in the cloud. Cloud applications and services are a prime target for hackers because misconfigured services and recent violent extremism encounters leave them vulnerable to the Internet and vulnerable to simple cyberattacks.”
To keep their cloud buildings secure, CPR recommends that companies back up cloud data frequently, set up control access for third-party applications, use multi-factor authentication whenever possible, use logically isolated networks and small segments and deploy business-critical resources and applications in logically isolated sections of the network Cloud (think Virtual Private Cloud Networks or vNET).
Finally, companies must “shift the security side”, by integrating security protection and compliance early in the development life cycle.