A report has emerged stating that more than 93% of Indian organisations and 60% of South African organisations have been hit by a cyberattack, signalling the need for investment into more effective information security practices.
The report comes from Sophos, who published its “State of Cloud Security 2020” report that says six in ten organisations in South Africa had been hit by a cloud-based security incident in the previous 12 months.
Looking deeper into this figure, Sophos says that ransomware attacks, malware attacks and exposing of data were the most common attacks.
The report adds that compromised accounts and crytojacking were also responsible for a considerable amount of cyber attacks on South African organisations.
In terms of information security for organisations, Sophos says that organisations with a multi-cloud operating environment are 50% more likely to be hit with a security incident compared to those operating via a single cloud provider.
Sophos noted that European organisations were significantly more resilient than organisations based elsewhere, likely the result of compliance in line with the requirements of the General Data Protection Regulation (GDPR) guidelines.
“Ransomware, not surprisingly, is one of the most widely reported cybercrimes in the public cloud. The most successful ransomware attacks include data in the public cloud, according to the report, and attackers are shifting their methods to target cloud environments that cripple necessary infrastructure and increase the likelihood of payment,” Chester Wisniewski, Sophos’ principal research scientist said.
“The recent increase in remote working provides extra motivation to disable cloud infrastructure that is being relied on more than ever, so it’s worrisome that many organisations still don’t understand their responsibility in securing cloud data and workloads,” he said.
“Cloud security is a shared responsibility, and organisations need to carefully manage and monitor cloud environments in order to stay one step ahead of determined attackers.”
The report notes that 39% of reported incidents in South Africa were the result of misconfigurations in the system that could otherwise have been prevented with an information security management system.
This is in addition to the 59% of South African organisations reporting cybercriminals gaining access to their network via stolen account logins. In spite of this fact, the report notes that just 28% of organisations say the management of account details is a top priority in keeping their network safe.
The report says that 89% of South African respondents are concerned about their cloud security, but just 2% have implemented multi-factor authentication. “Identifying sudden increase in cloud spends” remains a top priority for organisations, as well as “identifying and responding to security incidents,” as well as “convincing senior management to invest in cloud security.”