According to a study by Cado Security, almost 90% of organizations suffer damage before security incidents are contained

Cado Security announced the results of a new study that examines why “organizations need a new approach to investigation and response in the cloud.” The report, which considers the critical role and challenges of cybersecurity incident response (IR), uncovers widespread deficiencies that leave organizations vulnerable to delays in incident resolution. Nearly 90% of IT security decision makers surveyed admitted that their organization had suffered damage before incident containment and investigation. The main reason for this was a lack of visibility and control over cloud environments.

© Lukiyanova Natalia

Worryingly, 43% of organizations have suffered significant damage from a cloud incident alert that was not investigated, and 23% of cloud alerts are never investigated.

Of the incidents studied, 65% of respondents reported spending three to five days more on cloud investigations than on-premises investigations, exposing them to additional risk when attackers infiltrate networks.

Up to 93% of respondents said delays in incident resolution were due to the requirement to obtain approval from the cloud team to access resources. This is concerning as 92% said they have a formal cloud investigation process in place.

36% of organizations said a lack of visibility and control over cloud environments is the biggest operational challenge when it comes to timely investigation and response to cloud-based threats. A lack of cloud-specific knowledge also contributed: 34% of companies report limited cybersecurity skills specifically for cloud technologies.

Integrating security tools across multiple cloud platforms was also cited as the biggest operational challenge in responding to cloud security threats by 45%, which may be attributed to the 82% who confirmed having multiple tools/platforms in place to conduct forensic investigations in the cloud. This makes threat investigation a huge challenge for 70% of respondents as resources are involved across multiple cloud providers.

“A robust incident response program – especially one that spans the next generation of technologies – is critical to protecting organizations from emerging threats,” said James Campbell, CEO and co-founder of Cado Security. “Yet, as our latest report reveals, organizations still lack optimized incident response strategies in cloud environments. The findings confirm that organizations urgently need to adopt new approaches to rapid investigation and response – not only to better address the risks, but also to comply with the complex and ever-changing reporting requirements for incident response around the world.”

The good news is that respondents recognize where investigation and response automation can be improved and how AI and automation can benefit future investigations to make processes more efficient and avoid the risk of compliance failures and costly breaches. This is positive as 44% of respondents said data breaches and data loss were the biggest challenge with cloud-based threats, and 34% admitted they had been fined for failing to comply with legal requirements.

Looking forward, more than half of respondents said cloud response platforms will improve their visibility into cloud-based threats and risks, and 95% believe AI will play an important role in response in the next two years will play on cloud incidents. Organizations are exploring various strategies for conducting investigations and response in cloud environments. Of course, security teams have tried to leverage existing tools like security orchestration, automation and response (SOAR) platforms to address these challenges. However, the results suggest that automating cloud investigation incident response is twice as effective as SOAR.

On the positive side, 77% expect the total annual cloud forensics and IT security incident response budget to increase in 2024, and 83% of organizations have a cloud forensics budget.

“While there is still a long way to go, organizations appear to be taking the right steps and investing in the right places when it comes to automating investigations and response. Nearly 40% are aware that cloud response platforms will minimize the costs associated with investigations, not to mention the savings associated with the cost and impact of a data breach,” Campbell added.

methodology

The survey of over 300 security leaders and decision makers working in organizations based in the United States and United Kingdom was conducted in collaboration with TrendCandy. Survey participants were required to use public clouds such as AWS, Azure, and GCP for business operations, hold a management level or higher, work in information security or cybersecurity, and be involved in cloud security.