A new report reveals that nearly 90% of IT security decision-makers surveyed admitted their organizations suffered damage before cloud security incidents were contained and investigated.
Research from Cado Security examining how organizations handle cloud security incidents has revealed widespread inefficiencies that leave organizations vulnerable to delays in incident resolution.
The research found that the main factor behind the delays that lead to damage is the lack of visibility and control in cloud environments.
Alarmingly, 43% of organizations experienced significant damage from cloud incident alerts that were not investigated, and 23% of cloud alerts were never investigated.
For those incidents investigated, 65% of respondents indicated spending 3-5 days more on cloud investigations than on-premises, leaving them exposed to additional risks as attackers compromise networks.
Up to 93% of those surveyed confirmed that delays in resolving incidents were due to the need to request permission to access resources from the cloud team. This is concerning given that 92% of them said they have a formal process for investigating the cloud.
36% of organizations reported that lack of visibility and control over cloud environments was the top operational challenge when it comes to timely investigation and response to cloud-based threats.
A lack of cloud knowledge also contributed, with 34% of organizations reporting limited cybersecurity skills specific to cloud technologies.
Integrating security tools across multiple cloud platforms was also flagged by 45% as the top operational challenge when it comes to responding to cloud security threats, perhaps due to the 82% who confirmed having multiple tools/platforms for conducting forensic investigations in the cloud.
This makes investigating threats very difficult for 70% of those surveyed, as resources across multiple cloud providers are affected.
“Having a robust incident response program – especially one that spans the next generation of technologies – is critical to protecting organizations from emerging threats,” said James Campbell, CEO and co-founder of Cado Security.
“However, as our latest report revealed, organizations still lack streamlined incident response strategies in cloud environments. The findings reinforce that organizations urgently need to adopt new methods to investigate and respond quickly – not only to better address risks, but also to comply with response reporting mandates.” to complex and ever-changing incidents around the world.
The good news is that those surveyed recognize where investigation and response automation can be improved, and how AI and automation can benefit investigations going forward by making operations more efficient and avoiding the risks of failed compliance and costly breaches.
This is positive, as 44% said data breaches and data loss incidents were the biggest challenge facing cloud-based threats, and 34% admitted they had been fined for not meeting regulatory requirements.
Looking ahead, more than half of respondents said cloud response platforms will improve their view of cloud-based threats and risks, and 95% believe AI will play a major role in cloud incident response in the next two years.
Organizations are exploring different strategies for conducting investigation and response in cloud environments.
Naturally, security teams have tried to leverage existing tools, such as SOAR (Security Orchestration, Automation, and Response) platforms to address these challenges.
However, the results indicate that incident response automation is twice as effective as SOAR in cloud investigations.
Positively, 77% of respondents expect the total annual cloud forensics and incident response budget in their IT security budget to increase in 2024, and 83% of organizations have a cloud forensics budget.
“Although there is still a way to go, companies appear to be taking the right steps when it comes to investigation and response automation and are investing in the right places with nearly 40% realizing that cloud response platforms will reduce costs associated with investigations,” Campbell added. “The cost savings and implications of a data breach.”