Cado Security report reveals critical gaps in cloud cybersecurity response
Nearly 90% of organisations experience damage before successfully containing security incidents, according to recent research from Cado Security. The study delves into the challenges and crucial role of cybersecurity incident response (IR) in cloud environments, revealing significant gaps that leave organisations vulnerable to delays in addressing and resolving incidents.
The report highlights that a staggering 90% of IT security decision-makers admitted their organisations suffered damage prior to containing and investigating incidents, with the primary contributing factor being a lack of visibility and control over cloud environments. This issue is alarming, particularly as 43% of organisations reported having experienced significant damage from uninvestigated cloud incident alerts. Even more concerning is the finding that nearly a quarter of cloud alerts, 23%, are never investigated at all.
The process is notably lengthy for incidents that do undergo investigation. Approximately 65% of respondents reported spending three to five days more on cloud investigations compared to on-premises investigations, which consequently leaves them susceptible to further risk as attackers continue to infiltrate networks. Moreover, 93% of those surveyed indicated that delays in resolving incidents occurred because they had to request permission to access cloud resources, despite 92% having a formal process for cloud investigation in place.
36% of organisations pinpointed lack of visibility and control within cloud environments as the most significant operational challenge in timely investigation and response to cloud-based threats. This is compounded by a shortfall in cloud-specific cybersecurity skills, with 34% of organisations reporting limited knowledge in this area.
Integration of security tools across multiple cloud platforms also emerged as a substantial hurdle. Nearly half, 45%, flagged this as the top operational challenge, likely because 82% confirmed using multiple tools or platforms for cloud forensics investigations. This challenge is exacerbated as 70% of respondents find it extremely difficult to investigate threats effectively across numerous cloud providers.
James Campbell, CEO and Co-Founder at Cado Security, remarked, "A robust incident response programme, particularly one that extends to next-generation technologies, is critical to safeguarding organisations against emerging threats. Yet, our latest report reveals that organisations still lack streamlined incident response strategies for cloud environments. The findings reinforce the urgent need for new approaches to swiftly investigate and respond to better manage risks and comply with complex incident response mandates globally."
The report also uncovered some optimistic insights. Respondents are increasingly recognising where investigation and response automation can be enhanced and how AI can streamline these processes moving forward. This recognition is crucial, given that 44% identified data breaches and data loss incidents as the biggest challenges with cloud-based threats, and 34% admitted to having been fined for failing to meet regulatory requirements.
Looking ahead, over half of the respondents believe that cloud response platforms will improve visibility into cloud-based threats and risks, with 95% anticipating that AI will play a significant role in cloud incident response within the next two years. Organisations are exploring various strategies to bolster investigation and response in cloud environments. The data suggests that incident response automation is twice as effective as traditional Security Orchestration, Automation, and Response (SOAR) platforms for cloud investigations.
77% of respondents expect their overall budget for cloud forensics and incident response IT security to increase in 2024, with 83% already having a budget specifically allocated for cloud forensics. While challenges remain, businesses appear to be investing in appropriate strategies and technologies, recognising that cloud response platforms have the potential to minimise the costs associated with investigations and significantly mitigate the repercussions of data breaches.