Cloud Security – 26 Interesting Stats and Facts

by

With cloud computing on the rise, one has to wonder about the security of these clouds. With the cloud not being physically present in the place where the corporations reside, security is of paramount importance to them.

There are a variety of methods by which clouds are secured. These methods include firewalls, tokenization, obfuscation, virtual private networks (VPNs), and avoiding public internet connections. Some of the direct ways that individuals can cause damage to clouds are stealing data by cracking security protocols, hijacking existing accounts, hijacking the traffic into/out of a network, taking advantage of insecure application program interfaces (APIs), exploiting poor choice of cloud storage providers, etc. Distributed denial of service (DDoS) attacks are another way that hackers can target corporations. These attacks attempt to disable a service by overwhelming it with data. DDoS attacks can cause considerable losses to any corporation, by not allowing access to a particular service or account. DDoS attacks don’t cause any direct damage themselves, but their consequences can be far-reaching.

Cloud security services have become a booming market. This market evolved in Silicon Valley but has grown to encompass clouds worldwide. Before getting into the list, one must understand the essential differences between cloud-based security and traditional network security. While conventional corporate networks sit behind a security perimeter, the cloud exists on the internet, theoretically in the reach of any user across the world. Therefore, cloud security is very different from network security, and the terms cannot be used interchangeably.

Today we will look at this market in detail, exploring the various factors that contribute to it.

Quick facts

  1. The global cloud security services market is expected to grow at a CAGR of 10.13% from 2014 to 2016.
  2. 92% of all corporations have user accounts for sale on the dark web.
  3. One in seventeen clouds have the ‘World Read’ permission, making them open to the public.
  4. Threat events in clouds have increased by 27% since 2018.
  5. The amount of sensitive data being shared over cloud-based services has gone up by 53% since 2018.
  6. The average cost per stolen record is $150.

Understanding the threat

The threat of data breaches has been continuously rising through recent years. Cloud-based services started being adopted widely in 2013. This led to a simultaneous rise in data breaches and data hacks affecting primary cloud services. These security breaches happened due to a variety of reasons, as discussed previously. In this section, we will attempt to understand the factors that lead to an unsecured network and how they lead to the loss of data. We will also see some prevailing trends in the IT world related to cloud security as a whole.

Now let’s dive right into it.

1. An average organization faces nearly 30.1 threats to their clouds every month: To get an idea about the importance of cloud security as a whole, consider the fact that on average each organization around the world has to face nearly 30.1 threats to their cloud-based data. This means that every single day at least one hacker tries to steal confidential data from an organization.

(Source: McAfee)

2. 43% of all publicly registered companies experienced a data breach in 2014: 2014 was one of the worst years for data breaches. The last decade saw a rise in the adoption of cloud-based services for storage and other purposes. Since this year saw the beginning of the cloud computing stage for a lot of corporation, as many as 39% of them had no plan in place to prevent data breaches. This led to a large number of corporations losing data to either hackers or saboteurs. According to the Ponemon Institute, as many as almost half of all publicly registered companies experienced a data breach in 2014. This was a huge jump from 2013, which saw 26% of all companies experience a breach. After 2014 the cloud security industry really took off. According to the same institute, in the year 2018, only around 21% of all companies had a serious data breach.

(Source: USA Today)

3. Storage applications are considered to be riskier than finance applications: There are a lot of cloud-based applications that can be used by corporations for a variety of purposes. However, the major use for most cloud-based services is for storage. There are a lot of applications that allow corporations to store and manage their data online over the cloud. These storage applications, however, are considered to be the riskiest kind of cloud service. Keep in mind that the second riskiest kind of applications are used for finance! So, corporations believe that their finances are more secure than their documents!

(Storage: Cloud Security Alliance)

4. Nearly 25% of data uploaded to the cloud is termed ‘extremely sensitive’: As stated previously, storage applications present the most risks to a company. This might be a little surprising to hear, considering that a lot of companies also do their finance and accounting on the cloud these days. However, in a report by Cloud Security Alliance, it was revealed that around one-fourth of all data that is being uploaded by a corporation was termed as being ‘extremely sensitive.’ This term implies that if this data were to fall in the wrong hands, it could be severely detrimental to the company’s operation.

(Storage: Cloud Security Alliance)

5. The rise of IoT has led to a new avenue for hackers to attack: IoT devices are devices that connected to the internet and can ease people’s lives. These devices have started to become extremely ingrained in the lives of their users and are often trusted with a lot of private information. For example, a smartwatch knows its wearer’s location at all times, a smart TV knows what its user is watching and interacting with, and a smart speaker hears every word spoken in the house. These devices are hence the best targets for any hacker to attack. The large scale adoption of IoT devices has led to a large increase in the number of attacks on clouds.  

(Source: Zdnet)

6. Only 37.3% of all cloud services explicitly state that the data being uploaded to them belongs to the customers: C Loud services are mainly used for storing and sharing data. The fact that this data gets uploaded to a third party server and doesn’t remain bound to the perimeter of any organization is a point of worry for many. It turns out that this doubt is very justified, as according to a survey of the terms and conditions of all the cloud services in use currently, only one-third of them explicitly state that the data that is hosted on their servers belongs to the uploader themselves. Some cloud services even maintain a copy of the data indefinitely, even after deletion from the user’s end.

(Source: McAfee)

7. A corporation’s own employees are the biggest threat to it: Considering the fact that cloud services are used by a wide variety of a corporation’s employees, it is not surprising that as many as 60% of all cloud data breaches were due to an employee. These breaches happened due to a wide swathe of reasons, from corporate espionage to just basic bribes. The vulnerability of a corporation to its employees was chillingly demonstrated in South Korea in 2014. An employee of the Korea Credit Bureau, the corporation that manages data for the three biggest banks in South Korea, managed to steal data of over 20 million South Koreans. This constitutes over 40% of the total South Korean population. It was a shocking surprise that one person could cause so much damage.

(Source: CNN)

8. As the number of cars connected to the cloud grows, so does the danger: While IoT devices have typically been limited to entertainment and productivity devices, a new class of IoT devices that are being added to the cloud could change the face of IoT forever. These devices are cars! That’s right; currently, there are nearly 250 million cars that work on the cloud. These include all of Tesla’s cars and some selected models from a large range of manufacturers. The connectivity of cars to the internet poses a serious threat to the drivers as due to the drive systems of every modern car being fully electronic they are very susceptible to being hacked. This is exactly what happened when a reporter from the Wired magazine was contacted by two hackers who claimed to have cracked the Jeep Wrangler’s security encryption. The reporter drove his car on the highway, and the hackers were able to remotely control his car, with his consent obviously. They were able to switch the radio on/off, control the AC and worst of all, even switch the transmission and brake systems of the car off while the car was in motion on the highway! The reporter was obviously safe, as they gave him control of his car back within seconds; however, the fact that they were able to do it with such ease is a chilling notion.

(Source: Wired)

9. An average organization experiences 12.2 threats from compromised cloud accounts per month: User accounts are the basic ways in which clouds secure access to their data. These accounts themselves belong to employees, who have a variety of ways in keeping them secure. While the most security-minded might come up with a complex password and store that password only in their memory. However, most people are not as aware of their personal accounts’ safety. These people may use their browsers to remember the passwords, write them down in a notepad note, which is unsecured, or even write it on a post-it note, which then falls into the wrong hands. No matter what method a hacker uses to get user accounts, it is effortless to find hundreds of employee user accounts for sale on the dark web. On average, organizations face 12.2 attacks from these compromised accounts every month.

(Source: McAfee)

Challenges on the Road to Security

Having understood the threat, one might be justified in thinking that cloud security should be on everyone’s mind in the corporate, and even the non- corporate world. However, it may surprise you to know that that is not the case. Compared to other cybersecurity fields, cloud security is growing slower than what would be expected with the number of data breaches that have occurred in the past. In this section, we will attempt to see what the status of the cloud security industry is in the professional world and understand the challenges that IT professionals across the globe are facing when it comes to securing their company’s clouds.

10. Since 2015, cloud security has been the top priority for 31% of all IT professionals: IT professionals are mainly responsible for their corporation’s cloud-based service. These professionals were questioned about their priorities for their workplaces. As we saw, 2014 was a horrible year for security in the IT department. This severely affected the responses for the survey. There were many responses, from upgrading their services to maintaining servers. However, nearly one-third of the IT professionals claimed that their first priority, for the past four years, has been cloud security. They stated that due to the increasing risks that clouds face, cloud security had been the primary focus of most of their contemporaries as well.

(Source: Network World State)

11. Bring your Own Devices (BYOD) and Bring Your Own Application (BYOA) causes major security risks: The new trend in the current IT world is BYOD and BYOA. This trend has led to a huge security risk, as these devices and applications are not under the watchful eye of the security team of the corporation. These devices could be compromised before they even enter the building. It is impossible for any security team to assess any application for any security risks before they are adopted. In a survey conducted by The Register showed that 50% of all respondents said that the biggest challenge with regards to cloud services is getting the chance to asses security risks before their employees adopt any service.

(Source: The Register)

12. Only around 71% of companies can confidently state that they did not have a cloud breach in the past year: Security breaches are getting scarily common in the recent years. Since 2004 there have been more than 50 major data breaches that caused the loss of more than 30,00 records. These breaches can often go unnoticed by the companies that own the server/data. This might be due to the hackers being careful to not leave traces, or because the breach was internals, so the employee covered their tracks. However, this uncertainty means that about 30% of companies cannot confidently state that they haven’t had their servers/ breached.

(Storage: Cloud Security Alliance)

13. As many as 64% of all IT professionals admit that their company’s use of cloud services is unsecured to some degree: IT professionals around the globe are tasked by their employers to secure their clouds against malicious attacks. These professionals hence gain an in-depth understanding of the service they’re protecting. The fact that as many as two-thirds of them believe that even with their won talents, their company’s clouds are unsecured to some degree should make you aware of the magnitude of the threat that hackers present. The major issue is that for every attempt made by IT professionals to secure a cloud is met with an equally motivated attempt to penetrate the cloud to collect sensitive data.

(Source: The Register)

14. On average, 74% of all IT professionals believe their companies aren’t doing enough to secure their cloud services: It is a well-known fact that most people who work at the very high echelons of corporations tend to be unaware of the newest innovations in the tech world. This is no different for cloud-based services. Approximately three-quarters of all IT professionals believe that their company isn’t doing enough to secure their clouds. This can range from the company not having an employee-specific user account to access the data, to even the cloud not being hosted on a secure service. The main challenge, they claim, is the lack of knowledge related to clouds in the higher levels of the company.

(Source: The Register)

15. Only 21% of cloud security managers believe that commercially available cloud security software is up to the mark: Cloud security can be achieved in a multitude of ways. The most secure way, and hence the most labor and resource-intensive, is to create a custom cloud infrastructure, specifically designed for the company’s needs. This is possible for large corporations who can afford to sink a large amount of resources into creating and maintaining clouds. However, for smaller corporations, the only option is to go for commercially available software for security of their clouds, which themselves are hosted on third-party servers. While this kind of software may be easier to use, only one in five cloud security officers in corporation believes that they are up to the mark for preventing any sort of hacking attempts.

(Source: Allied Market Research)

16. Around half of all companies don’t allocate enough resources for cloud security: As discussed, the higher levels of command in corporations tend not to be fully aware of the ramifications of using a cloud-based service. This leads to a shortage of funds being exclusively allocated for the purposes of securing clouds. In a survey of publicly traded companies, it was revealed that as many as half of them were underfunding their cloud security departments, making their data a prime target for hackers to attack. This situation pertains even through the various data breaches that affect companies, even after it being conclusively proved that a larger allocation of funds could prevent most of them.

(Source: Allied Market Research)

17. Less than half companies have a corporate directory to authenticate more than 5% of their cloud-based applications: The most basic level of protection that any cloud service, or any network service, is requiring a username and password that is unique to every employee. However, nothing stops these usernames from being generated for people who are not employees. The only thing that can prevent this the existence of a corporate directory, which can be used to authenticate each account and ensure that they belong to employees who have a right to access the cloud. However, more than half of the companies surveyed by the Cloud Security Alliance revealed that only around 5% of their cloud-based application used a corporate directory for authentication.

(Storage: Cloud Security Alliance)

Chilling Examples of Cloud Breaches

After understanding the threat of cloud security, it would be beneficial for us to check out some real-life examples from around the world. Here we will take a look into some of the biggest cloud breaches that have affected the biggest companies in the world. This will help us realize the importance of cloud security. These breaches have caused massive loss of data, along with there have been financial losses and corporate espionage as well.

18. One of the largest data breached in the world happened at Yahoo in 2013, resulting in almost three billion user accounts being leaked: Yahoo has always been the pioneer of internet technology since its inception. Yahoo was also one of the first companies to adopt cloud-based services for various purposes. These days nearly every company uses cloud infrastructure to service their needs. However, in the early days of cloud infrastructure, there were many glaring security flaws, which were exploited by many hackers. The biggest such data breach caused Yahoo to lose the records of nearly one billion individuals. This data contained information about their usernames and passwords, and even answers to security questions. This data could be used to take over the Yahoo account completely, allowing hackers to operate the user’s accounts with impunity.

(Source: CNN)

19. The Apple iCloud breach, which was dubbed the “The Fappening”: Apple’s iCloud is the service that allows iPhone users to upload their data, including photos and videos, to the cloud. Access to this cloud comes for free with every Apple device and has always been advertised to have the highest level of encryption. However, on August 31, 2014, there was a massive breach of data that caused the private photos of nearly 500 individuals to be leaked onto the internet. Individuals whose photos were leaked in this manner include high profile celebrities like Jennifer Lawrence and Kate Upton. This situation was exasperated by two more instances of the breach happening, which made Apple scramble to make their service more reliable.

(Source: Independent)

20. Home Depot lost the credit card details of nearly 56 million customers, causing hundreds of millions of dollars in loss: Home Depot started using cloud-based services to compile credit card information of its users in 2014. This service was used at checkout counters to identify cards being used multiple times, to fuel their loyalty programs. This service came under attack soon after it was adopted and led to the credit card information of nearly 56 million customers to be released onto the Dark Web. This situation was exasperated by the fact that the breach wasn’t discovered immediately, leading to a large number of customers losing a lot of money.

(Source: Info Security)

21. The WWE lost extremely personal details of nearly 3 million fans: The World Wrestling Federation is the largest wrestling organization in the world. It has tens of millions of extremely avid fans who love to watch their favorite wrestlers duke it out in the ring. A large number of these fans also shelled out top dollar for the WWE Network, which is the network that supplies all the wrestling entertainment services. However, signing up for this ser ice requires a lot of information about the fan to help WWE in deciding the location/nature of their fights. Hence they stored this data on the cloud and used sophisticated data processing algorithms to parse the data for information. Fans gave WWE very personal data, including their credit card details, their household incomes, their race and ethnicities, and even residential addresses. All the data was kept on an unsecured server on the Amazon cloud and was broken into by hackers in 2017. As many as 3 million private records were stolen, causing some fans losses worth nearly tens of thousand dollars.

(Source: Forbes)

22. Dropbox lost the private data of nearly 68 million users: Dropboxis the most popular cloud data storage service, with almost 97% of publicly traded companies using it to store their data and collaborate within their corporate structure. While Dropbox, in its current iteration, is heavily focused around data security, this wasn’t the case back in 2012. When Dropbox’s security protocols were still in their infancy, their central servers were targeted by hackers. Dropbox ended up losing the usernames and passwords to nearly 68 million accounts. This lets anyone who got a hold of these usernames and passwords combinations to these to get completely unrestricted access to the accounts and do whatever they wanted with the data stored within. These accounts were sold on the dark web for around $1100 each, which, when compared to the damage the data could do to the owner, was barely anything. Dropbox was breached multiple times again, but none of them were as extensive as 2012’s breach.

(Source: The Guardian)

23. Loss of 93.4 million voter records causes widespread electoral scam in Mexico: Voting and elections are the cornerstone of any good democracy. The protection of the sanctity of the election process needs to be at the forefront of priorities of any government. however, this is not what the Mexican Electoral Commission thought. They chose to house all their voter data on a cloud, which was hosted on a server in the United States. While the fact that voter data was taken out of the country is highly illegal, it wasn’t the biggest issue with the situation. The data was stored in plain text (not encrypted) and was publicly accessible by anyone who had the address of the cloud. This led to hackers obtaining the record of nearly 93.4 million Mexican voters. This enabled a large scale voter identity fraud to be perpetuated in the country, in the national elections no less. The Mexican government denied the information being used for scams, though they did admit to storing the data on the cloud.

(Source: Digital Trends)

Financial Facts about the Cloud Security industry

The industry that caters to cloud security has grown monumentally in the past few years. Especially since the disastrous year that was 2014, corporations have been investing in cloud security. As we have seen in the rest of the article, this investment is not the state it should be at, but it is still a budding industry that deserves the attention of any business-minded individual. Let’s take a brief look at the growth and size of the cloud security industry around the globe.

24. The market for securing cloud-based services is growing rapidly: As we have seen, cloud security is becoming the top priority for a large number of corporations around the world. This has led to the industry revolving around securing the cloud data. This industry got a massive boost after the year of 2014, which saw a whole slew of large scale data breaches and rose to be valued nearly $9 billion in 2019. It is going to keep increasing rapidly in value and is expected to be worth almost $25 billion by the end of the year 2025.

(Source: Research and Markets)

25. Data breaches will cost companies $150 million in 2020: Data breaches can cause horrible losses to a company. Some estimates suggest that when it comes to the Fortune 500 companies, a single data breach can cause as much as $30 million in losses. According to Juniper Research Centre data breaches will cause as much as $150 million in damages in the year 2020. However, on average, companies lose $3.92 million due to a single data breach.

(Source: Juniper Research)

26. Share prices can fall by as much as 7.27% after a data breach: As we have discussed, companies can be subject to huge losses after a data breach. The public also loses a lot of faith in the company that loses data. This usually gets reflected in the stock market as well. Judging by the past data that has been collected after every major data breach since 2014, companies that suffer a data breach can see their stock prices drop by as much as 7.27% within just one week.

(Source: Infosecurity Magazine)

Data Sources and References

  1. McAfee
  2. USA Today
  3. Cloud Security Alliance
  4. Cloud Security Alliance
  5. Zdnet
  6. McAfee
  7. CNN
  8. Wired
  9. McAfee
  10. Network World State
  11. The Register
  12. Cloud Security Alliance
  13. The Register
  14. The Register
  15. Allied Market Research
  16. Allied Market Research
  17. Cloud Security Alliance
  18. CNN
  19. Independent
  20. Info Security
  21. Forbes
  22. The Guardian
  23. Digital Trends
  24. Research and Markets
  25. Juniper Research
  26. Infosecurity Magazine