Compromised cloud accounts costing businesses millions

Criminals are phishing for Microsoft 365 and Google Workspace accounts.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Compromisedcloudaccounts cost organizations millions each year, a new report from cybersecurity firm Proofpoint and IT security research organization Ponemon Institute claims.

Part of the problem surrounds the fact that many don’t know who is responsible for safeguarding that data. At the same time, criminals are increasingly eyeing up cloud as a treasure trove of sensitive data.

Average cost

The average cost of cloud account compromises has gone up to $6.2 million in the last 12 months, the report says, adding that for the 600 IT and IT security pros that were polled, account takeover presents a “significant security risk”. The frequency and severity of these incidents increased over the course of the last year, as well.

In the past 12 months, companies suffered 64 cloud account compromises on average, with 30 percent having sensitive data exposed. Criminals are mostly interested inMicrosoft365 andGoogleWorkspace accounts, and deploy various phishing techniques to obtain the credentials.

Less than half of the poll’s respondents have clearly defined who is accountable for keepingcloud-basedsensitive data secure and, to make matters worse, just about a third “vigilantly” conduct cloud app assessments before deploying anything.

According to the report, strong authentication and adaptive access controls should be essential in securing admission to cloud resources. Today, many organizations support multiple identity federation standards and agree that adaptive access controls are essential in order to protect those most at risk.

Google Cloud instances compromised in illicit cryptomining attacks>Nearly all firms have suffered cloud security threats this year>Best endpoint protection software of 2022

“The move to the cloud and increased collaboration requires a people-centric security strategy backed by a cloud access security broker (CASB) solution that is integrated with a larger cloud, email, and endpoint security portfolio,” said Tim Choi, VP Product Marketing at Proofpoint.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Such an approach effectively addresses concerns like cloud account compromise, unauthorized access to cloud data, and cloud application governance. Organizations need clearly defined roles, established accountability, and a CASB solution that can be operationalized in hours—not weeks.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Outlook users warned not to open more than 60 emails — otherwise their software will crash

Best secure file transfer solution of 2024

Don’t wait until Black Friday, this year’s best Nintendo Switch bundles are on sale now