Report Finds Cybercriminals Are Targeting the Cloud
Due to COVID-19, organizations are shifting business-critical applications to hybrid-cloud environments, which is increasing the attack surface.
As more organizations migrate to the cloud, cybercriminals and bad actors are following that trend and targeting the cloud more frequently, according to a new report. And, the increased adoption of cloud services during the COVID-19 pandemic could be playing a role, says a joint report from DNS security firm EfficientIP and International Data Corp.
Social distancing guidelines have forced millions of workers to work out of their homes, so organizations are shifting business-critical applications to hybrid-cloud environments. However, that’s increasing the attack surface, the report says.
“As the number of business-critical applications hosted in hybrid-cloud environments has increased, so has the attack surface for cybercriminals. The Threat Report shows that companies that suffered cloud service downtime increased from 41% in 2019 to 50% in 2020, a sharp growth of nearly 22%. The increased adoption of cloud services during the global COVID-19 pandemic could make the cloud even more attractive for attackers.
“In-house app downtime remained extremely high: 62% this year compared to 63% last year. As a whole, application downtime—whether in-house or in the cloud—remains the most significant result of DNS attacks; of the companies surveyed, 82% said that they had experienced application downtime of some kind.”
Of those attacks, phishing attacks were the most common, the report said.
“This year phishing led in popularity (39% of companies experienced phishing attempts), malware-based attacks (34%), and traditional DDoS (27%). Crucially, the size of DDoS attacks is also increasing, with almost two-thirds (64%) being over 5Gbit/s.”
Although the ability of cybercriminals to adapt to a changing threat landscape is alarming, enterprise awareness and cybersecurity defenses are also improving, as the vast majority of respondents said security was a critical component of network infrastructure.
Per the report:
- 77% of respondents in the 2020 Threat Report deemed DNS security a critical component of their network architecture, compared to 64% in the previous year.
- Use of Zero Trust strategies is maturing, as 31% of companies are now running or piloting Zero Trust, up from 17% last year.
- Use of predictive analytics has increased from 45% to 55%.
Ronald David, vice president of strategy for Efficient IP, said in a news release announcing the study that DNS should play a much larger role in the security ecosystem.
That need is exacerbated during a time when any network or app downtime can have severe impacts on your business and ability to support remote workers.
This article originally ran in CS sister publication MyTechDecisions.com. Zach Comeau is TD’s web editor.