The average cost of cloud account compromises reached $6.2 million over a 12-month period, according to more than 600 IT and IT security professionals in the US.
This finding is from a new report on The Cost of Cloud Compromise and Shadow IT released by Proofpoint, a cybersecurity and compliance company, and the Ponemon Institute, an IT security research organisation.
Of the respondents, 68 per cent believe cloud account takeovers present a significant security risk to their organisations, with more than half noting an increase in the severity and frequency of compromises within the last 12 months.
Microsoft 365 and Google Workspace accounts are the most heavily targeted, usually by brute force or phishing-based attacks. Over the 12-month period, organisations experience an annual average of 138 hours of application downtime.
Perhaps more worryingly, only 44 per cent of survey respondents believe their organisations have established clearly defined roles and levels of accountability for safeguarding confidential cloud data. Furthermore, fewer than 40 per cent of respondents say their organisations are vigilant in conducting cloud app assessments before deployment.
Another key finding of the report focused on shadow IT – the use of cloud applications and services without the approval or knowledge of IT – and its impacts. Seventy-five per cent of respondents say the use of cloud apps without IT approval is a serious security risk, yet only 40 per cent believe their organisations know all the cloud platforms that their users are engaged with.
Considering an average of 42 per cent of corporate data is stored in the cloud, the need for further investment in expertise and technologies, as well as user training, seems evident.