Cloud-based cyber attacks increased by 48 percent in 2022
- Published: Thursday, 19 January 2023 10:45
Check Point Research (CPR) reports a 48 percent year-on-year increase in cloud-based cyber attacks in 2022, as organizations increasingly move operations to the cloud due to escalated digital transformations.
The largest increases were seen in Asia (+60 percent), followed by Europe (+50 percent) and North America (+28 percent).
CPR finds that hackers are leveraging newer CVEs (common vulnerabilities and exposures) from the past two years to attack via the cloud, when compared to on-premise attacks. Further analysis of specific high profile global vulnerabilities revealed that some major CVE’s have had a higher impact on cloud-based networks compared to on-prem.
Omer Dembinsky, Data Group Manager at Check Point Software said: “Enterprise attack surfaces have fast-expanded in a short amount of time. Digital transformations and remote work due to the COVID pandemic have accelerated the move to the cloud. Hackers are quickly following. These organizations have been challenged to secure distributed workforce, while at the same time, are dealing with a shortage of skilled security staff. Data loss, malware and ransomware attacks are among the top threats that organizations face in the cloud. Cloud applications and services are a prime target for hackers because misconfigured services and recent CVEs are leaving them exposed to the Internet and vulnerable to simple cyber attacks.”
CPR’s top cyber safety tips for organizations:
- Backup cloud data. If your data is ever compromised, having a backup makes recovering it a lot simpler.
- Control access for third-party apps. Vet third party apps for the degree of access they have.
- Use two-factor authentication.
- Use logically isolated networks and micro-segments. Deploy business-critical resources and apps in logically isolated sections of the provider’s cloud network, such as Virtual Private Clouds (AWS and Google) or vNET (Azure).
- Shift your security left. Incorporate security and compliance protection early into the development lifecycle.