Cloud account compromises are costing organizations millions each year

SaaS security can no longer be overlooked

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Dealing with cloud accounts that have been compromised is becoming even more expensive as new research fromProofpointandPonenom Institutehas revealed that cloud account compromises cost organizations over $6m each year.

To compile their new report titled “The Cost of Cloud Compromise and Shadow IT”, the cybersecurity firm and IT security research organization surveyed more than 600 IT and IT security professionals across the US.

Of those surveyed, 68 percent said they believecloud account takeoverspresent a significant security risk to their organizations with more than half indicating that both the frequency and severity of cloud account compromises have increased over the last 12 months.

Chairman and founder of the Ponemon Institute, Larry Ponemon warned against the increased security risks that  have come with growingSaaSadoption in apress release, saying:

“This research illustrates that leaving SaaS security in the hands of end-users or lines of business can be quite costly. Cloud account compromises and sensitive information loss can disrupt business, damage brand reputation, and cost organizations millions annually.”

SaaS security

According to 86 percent of respondents, the annual cost of cloud account compromises is now over $500k with those surveyed reporting an average of 64 compromised accounts each year. Of these compromised accounts, 30 percent expose sensitive data putting employees and their organization at risk of cyberattacks.

Nearly 60 percent of respondents indicated thatMicrosoft 365andGoogle Workspaceaccounts are heavily targeted by brute force and phishing-based cloud attacks. Overall though, more than 50 percent of those surveyed sayphishingis the most frequent method used by cybercriminals to acquire legitimate cloud credentials.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

At the same time,shadow ITis creating substantial risk for organizations as employees are still using cloud apps and services that have not been approved by their organization’s IT department. The increased use ofonline collaboration softwareand messaging tools to share sensitive information along with the move to the cloud and more employeesworking from homeare also putting organizations at greater risk.

VP of product marketing at Proofpoint, Tim Choi explained how SaaS security can no longer be overlooked as organizations move their workloads to the cloud and adopthybrid workingmodels, saying:

“SaaS security simply cannot be an afterthought given the high cost of cloud account compromise and today’s heightened hybrid working environment. The move to the cloud and increased collaboration requires a people-centric security strategy backed by a cloud access security broker (CASB) solution that is integrated with a larger cloud, email, and endpoint security portfolio. Such an approach effectively addresses concerns like cloud account compromise, unauthorized access to cloud data, and cloud application governance. Organizations need clearly defined roles, established accountability, and a CASB solution that can be operationalized in hours—not weeks.”

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

LG Electronics sets ambitious B2B revenue goal to offset declining consumer demand

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics