Editorial

Public sector still taking too many risks with cloud

New Sophos survey exposes gaps in cloud security within public sector

Posted 9 July 2020 by

The cloud could pose a serious security risk within the public sector.

A new survey by cybersecurity vendor Sophos shows that 40 percent of IT managers are not aware of all cloud accounts and environments used within their organisation.

“It’s good to see that there is an understanding (46 percent) that there is a shared responsibility when it comes to making sure that assets and services in the cloud are secured,” Jonathan Lee, UK director of public sector relations at Sophos told TDP.

“However it’s concerning that over 40 percent of people were not aware of all cloud accounts and environments used by their organisation as this means that they may not be properly configured and secured, giving an adversary a way into the network, potentially exposing confidential data.”

Seventy percent of organizations experienced a public cloud security incident in the last year – including ransomware and other malware (50 percent), exposed data (29 percent), compromised accounts (25 percent), and cryptojacking (17 percent).

Lee also described the fact that 30 percent of people are having trouble with convincing senior management to invest in cybersecurity for the cloud as “worrying”, especially so when only 30 percent of people reported that they had not suffered a cloud security incident in the past year.

“Resources have been moved into the public cloud at pace during the COVID-19 pandemic to enable home working,” he said. “Cybersecurity should be baked into the move to the cloud from the outset, but I am not convinced that this has always been followed in the current climate. Organisations should now go back and asses the changes to their infrastructure that they have made.”

Jonathan Lee, UK director of public sector relations at Sophos

Elsewhere in the report, The State of Cloud Security 2020, shows that identity security represents a huge challenge across the board. Thirty-three percent of organisations reported that cybercriminals gained access by stealing cloud provider account credentials.

Once inside, however, all attacks utilised Identity and Access Management (IAM) roles and permissions to navigate the compromised cloud accounts. Managing access to cloud accounts is an enormous challenge and yet only quarter of organizations in the survey saw it as a top area for concern.

Ninety-one percent of respondents had over-privileged IAM roles, increasing the chances of those credentials being compromised, and 98 percent had Multi Factor Authentication disabled on their cloud provider accounts.