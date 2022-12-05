A new survey has shown that the volume of attacks on infrastructure as a service (IaaS) users is rising. 56 percent of users experienced an increase in the volume of attacks on their organisation when compared to the previous year.

The Reality of SMB Cloud Security in 2022 survey by Sophos, found that 67 percent of users were hit by ransomware and 59 percent saw an increase in the complexity of attacks.

For users, the inability to access their infrastructure, unpatched vulnerabilities and resource misconfigurations expose them to various types of attacks, including ransomware. According to Sophos’ survey, 37 percent of respondents are able to track and detect resource misconfigurations. Also, only 43 percent of users routinely scan IaaS resources for software vulnerabilities.

John Shier, senior security advisor, Sophos, said it is important that companies prioritise security as part of their cloud adoption strategy.

“This includes implementing traditional threat-based protections, as well as risk-based mitigations. Unpatched vulnerabilities and misconfigured resources are both preventable mistakes and avoidable risks that make life easier for attackers. Most attackers are not unstoppable criminal masterminds, but rather opportunistic cyberthugs looking for an easy payday,” Shier said.

Reporting attacks depends on where the users are. For instance, the survey found that more advanced IaaS users are twice as likely to report a decrease in attack impact than beginners. 65 percent of cloud users reported not having visibility of all resources and their configurations, and only 33 percent said their organisation has the resources to continuously detect, investigate, and remove threats in their IaaS.

Shier says this suggests the appropriate defense mechanisms can go a long way in deterring threat actors. For users who need help, Sophos recommends security services that have 24/7 experts who can detect and quickly respond to active attacks.