Netwrix Survey: 53% of Organizations Suffered a Cyberattack in the Cloud Within the Last 12 Months

Netwrix, a cybersecurity vendor that makes data security easy, today announced the release of its global 2022 Cloud Security Report. It reveals that over half (53%) of organizations experienced a cyberattack on their cloud infrastructure within the last 12 months. Phishing was the most common type of attack, experienced by 73% of respondents.

The report also notes that the average detection time for most types of attacks has increased since 2020. The most significant slowdown was for supply chain compromise: In 2020, 76% of respondents spotted this type of attack within minutes or hours, but in 2022, only 47% found it that quickly. Ransomware became harder to uncover as well; 86% of organizations needed minutes or hours to detect ransomware in 2020, but in 2022, this share dropped to 74%.

Attacks are maturing faster than the expertise, tools and processes defending against them. Organizations are implementing more security controls and spending more money to stay safe — 49% confirmed their cloud security budget increased in 2022. But more tools doesn’t always mean more security. Point solutions from different vendors operate separately, offer overlapping or conflicting functionality, and require organizations to deal with multiple support teams. This complexity leads to security gaps. One way to solve this problem is to build a security architecture with a select, smaller group of trusted vendors that develop, offer, and support an extensive portfolio of solutions.
Dirk Schrader, VP of Security Research at Netwrix

In addition, the report finds that breaches are getting costlier. This year, 49% of respondents said that an attack led to unplanned expenses to fix security gaps, up from 28% in 2020. The share who faced compliance fines more than doubled (from 11% to 25%), as did the number who saw their company valuation drop (from 7% to 17%).

The top 3 data security challenges named by survey respondents stayed the same from 2020: lack of IT staff, lack of expertise in cloud environments and lack of budget. Money is still an issue for many organizations but the share of those who struggle with this problem dropped from 47% in 2020 to 34% in 2022.

Other survey findings include:

• 80% of organizations that use the cloud store sensitive data there.
• More than half (53%) of respondents said security improvement was their main goal for cloud adoption.
• The majority of respondents who classify their data were able to detect an attack within minutes, while those who don’t classify data usually needed hours or even days.
• Auditing of user activity is particularly effective for phishing, ransomware attacks and account compromise, where it reduced detection time from hours to minutes.

The report reveals that cloud adoption is in full swing: Organizations report that 41% of their workloads are already in the cloud, and they expect that share to increase to 54% by the end of 2023. IT teams are learning how to use the cloud both efficiently and securely as well as train their fellow colleagues similarly. It is time to pay closer attention to security measures that improve the ability to identify, protect against, detect, and respond to threats, in order to reduce both the likelihood and impact of a breach.
Dirk Schrader, VP of Security Research at Netwrix