Chief information security officers (CISOs), security analysts, and their dedicated teams have encountered a surge in security incidents, presenting unprecedented challenges to safeguarding digital assets. The mounting frequency and complexity of cyberattacks have necessitated swift and innovative responses, but these efforts are impeded by an ongoing struggle to address talent shortages in the cybersecurity workforce.
Simultaneously, the complexity of cyberattacks has been on the rise, posing new threats and increasing the need for robust defensive strategies. To make matters worse, the global geopolitical landscape remains tense. A weakening social fabric, the proliferation of disinformation and mounting economic anxiety have all contributed to an atmosphere of heightened uncertainty and risk.
CISOs find themselves climbing what appears to be a never-ending mountain. To gain better insight on this issue, Scale Venture Partners conducted comprehensive research. Their mission is to stay informed about the evolving solutions in the field of cybersecurity.
In this year’s report, security leaders shared that although the number of successful ransomware attacks and data breach attempts fell by 30% over the last year, the number of reported security incident types at organizations increased. In fact, 71% of organizations experienced three or more types of security incidents, a 51% increase year-over-year, according to the report.
Among the incidents reported, cloud service attacks emerged as the most prevalent type of incident faced by organizations in the past 12 months. Alarmingly, half of the organizations experienced at least one attack targeting a cloud service during this period. Organizations rely more heavily on cloud services for storage, communication and other crucial functions. It is important for them to secure these environments, as the consequences of a successful attack can be detrimental to an organization's reputation, financial stability and overall business continuity.
The study also revealed a concerning trend wherein a growing number of cloud services were compromised due to attacks against third-party providers. This survey period witnessed a 16% year-over-year increase, with 43% of organizations affected, compared to 37% in the previous year. As the reliance on interconnected systems and outsourcing of services grows, so does the potential for attackers to exploit weak links in the security chain. This underscores the urgent need for organizations to not only fortify their own defenses but also collaboratively work with their third-party providers to implement robust security measures and establish a unified front against threats. Failure to address this issue adequately could have severe consequences for businesses, leading to data breaches, service disruptions and damage to reputation and customer trust.
Another disturbing finding was a 58% rise in firms falling victim to phishing attacks that resulted in stolen employee credentials via cloud services. This surge in phishing-related compromises highlights the escalating risks organizations face in securing their cloud-based infrastructure and underscores the need for robust cybersecurity measures to protect sensitive data and digital assets.
Companies are realizing these realities as they continue to utilize the cloud and plan to make the necessary adjustments going into 2024. According to the report, 83% of firms intend to enforce existing security policies more strictly this year to address their security challenges. Network security was named a primary cybersecurity spending priority, followed closely by identity and access management. Cloud infrastructure security rounded out the top three.
“The shift to the cloud has been a long journey, and attackers are taking advantage now that employees regularly log into multiple cloud services, often from outside the traditional enterprise network perimeter,” said Ariel Tseitlin, partner at Scale Venture Partners. “Without a strong perimeter, identity becomes the most important and effective way to manage security. That’s where companies most devote resources – both human and machine.”
Edited by
Alex Passett
