Technology for MSMEs: As small and medium businesses (SMBs) globally move to the cloud or accelerate their cloud adoption, the chances of cyberattacks on the cloud also go up, indicating gaps in cloud defences for these organisations. According to a survey commissioned by cloud security company Sophos of 4,984 IT professionals in SMBs across 31 countries using Infrastructure as a Service (IaaS), 67 per cent reported that their organisations were hit by ransomware over the last year.
Ransomware is a malware that doesn’t allow the user to access files on their computer. It encrypts the files and demands a ransom payment for the decryption key.
The survey said 56 per cent of respondents noted an increase in the volume of attacks on their organisations while 59 per cent experienced an increase in the complexity of attacks and 53 per cent saw an increase in the impact of attacks on their businesses. The survey was conducted by the UK-based research agency Vanson Bourne to assess the benefits of strong or advanced IaaS adoption for businesses experiencing cyber threats.
“It is imperative that security is prioritized as organizations continue to adopt cloud services. This includes implementing traditional threat-based protections, as well as risk-based mitigations. Unpatched vulnerabilities and misconfigured resources are both preventable mistakes and avoidable risks that make life easier for attackers. Most attackers are not unstoppable criminal masterminds, but rather opportunistic cyberthugs looking for an easy payday,” said John Shier, Senior Security Advisor, Sophos in the survey.
The data in the survey noted that advanced IaaS cloud users were far less likely to have experienced an increase in the volume, complexity, and impact of an attack; for example, 61 per cent of IaaS beginners reported an increase in attack impact compared to only 43 per cent of advanced users.
IaaS is a cloud computing branch providing essential computing, storage, and networking services on demand. Some examples of IaaS are Microsoft Azure, Amazon Web Services, Digital Ocean, IBM Cloud, etc. Other types of existing cloud computing services are software as a service (SaaS), platform as a service (PaaS), etc.
Moreover, the study showed very few organizations have the necessary resources to detect cyberthreat and respond to it round the clock or 24×7. According to the survey, only one in three (33 per cent) IaaS users had the resources to continuously detect, investigate and remove threats in their IaaS infrastructure in comparison to only one in four (40 per cent) users who had processes in place to respond to IaaS infrastructure security incidents 24×7.