Cloud account compromises are costing organizations millions each year


Dealing with compromised cloud accounts is becoming even more expensive: new research from Proofpoint and the Ponemon Institute has revealed that cloud account compromises cost organizations over $6m each year.

To compile their new report titled “The Cost of Cloud Compromise and Shadow IT”, the cybersecurity firm and IT security research organization surveyed more than 600 IT and IT security professionals across the US.

Of those surveyed, 68 percent said they believe cloud account takeovers present a significant security risk to their organizations, with more than half indicating that both the frequency and severity of cloud account compromises have increased over the last 12 months.

Chairman and founder of the Ponemon Institute, Larry Ponemon, warned in a press release against the increased security risks that have come with growing SaaS adoption, saying:

“This research illustrates that leaving SaaS security in the hands of end-users or lines of business can be quite costly. Cloud account compromises and sensitive information loss can disrupt business, damage brand reputation, and cost organizations millions annually.”

SaaS security

According to 86 percent of respondents, the annual cost of cloud account compromises is now over $500k, with those surveyed reporting an average of 64 compromised accounts each year. Of these compromised accounts, 30 percent expose sensitive data, putting employees and their organization at risk of cyberattacks.

Nearly 60 percent of respondents indicated that Microsoft 365 and Google Workspace accounts are heavily targeted by brute-force and phishing-based cloud attacks. Overall, though, more than 50 percent of those surveyed say phishing is the most frequent method used by cybercriminals to acquire legitimate cloud credentials.

At the same time, shadow IT is creating substantial risk for organizations, as employees are still using cloud apps and services that have not been approved by their organization's IT department. The increased use of online collaboration software and messaging tools to share sensitive information, along with the move to the cloud and more employees working from home, is also putting organizations at greater risk.

VP of product marketing at Proofpoint, Tim Choi, explained how SaaS security can no longer be overlooked as organizations move their workloads to the cloud and adopt hybrid working models, saying:

“SaaS security simply cannot be an afterthought given the high cost of cloud account compromise and today’s heightened hybrid working environment. The move to the cloud and increased collaboration requires a people-centric security strategy backed by a cloud access security broker (CASB) solution that is integrated with a larger cloud, email, and endpoint security portfolio. Such an approach effectively addresses concerns like cloud account compromise, unauthorized access to cloud data, and cloud application governance. Organizations need clearly defined roles, established accountability, and a CASB solution that can be operationalized in hours—not weeks.”  

Anthony Spadafora
