Managing Cloud Risks Gave Security Teams a Big Headache in 2024

Enterprise IT and security managers had a lot to worry about in 2024, such as the exploding number of vulnerabilities, increased volume of threats against their organizations, constant drumbeat of data breaches, and steady stream of user errors and behaviors to manage. Also a big concern was the growing risk exposure as a result of their organizations' increased reliance on cloud technologies.

Respondents to Dark Reading's Strategic Security Survey revealed growing concerns about risks tied to cloud services. In the face of rising adoption of cloud services for data storage, applications, and business operations, organizations appear to be particularly worried about their dependence on cloud providers' security measures and their reduced control over data in cloud environments. Most organizations said they work with multiple cloud providers, which contributes to the visibility challenges. Almost half (48%) rely on two or three providers, and just 10% work with a single provider. In fact, 60% of respondents work with between two to five cloud service providers.

Cloud Challenges in 2024

The near ubiquity of the cloud means organizations are increasingly concerned about cloud security threats. Exploits targeting cloud service providers is the top worry for almost half of the respondents (49.6%), followed closely by cloud services breaches and intrusions (47.8%). The lack of data visibility in cloud environments and an inability to enforce security policies on cloud-stored data tie for third place (39.1%). In comparison, the 2023 survey revealed 45% of respondents worried about cloud exploits, 38% worried about cloud services breaches, and 24% worried about the inability to enforce security policies in the cloud.

The complexity of cloud security is further highlighted by organizations' staffing and control concerns. Overreliance on cloud service providers to detect data breaches was cited by 28.7% of respondents, while 19.1% expressed concern about unclear incident-response protocols with their cloud service providers. Notably, the percentage of organizations worried about their inability to enforce security policies on cloud-stored data increased from 24.4% in 2023 to 39.1% in 2024, suggesting a growing awareness of the challenges in maintaining security control in cloud environments. These findings indicate that while organizations continue to embrace cloud services, they struggle with visibility, control, and the division of security responsibilities between themselves and their cloud service providers.

Security teams have long grappled with the challenges posed by the shared responsibility model with cloud providers, where the provider and the organization have to work together to handle their part of the security tasks. The survey found that organizations are increasingly including the challenges of shared responsibility models, data sovereignty issues, and loss of control in their risk assessments. For instance, 39% are worried about risks tied to a lack of visibility in cloud environments, and an identical proportion believed their inability to enforce enterprise data security policies in the cloud has put them at risk. Nearly three in 10 (29%) are concerned about their overreliance on cloud vendors to detect security issues.

Ransomware Trends in 2024

Ransomware attacks have been on the rise over the past few years, and the Strategic Security Survey reflects that increase, as well. While the majority of the respondents did not experience a ransomware attack in 2024, the number of respondents whose organizations were hit by ransomware in 2024 (16%) is higher than those in 2023 (11%). And ransomware attacks are costly. While 29% of respondents said in 2023 their organizations suffered significant financial loss that impacted the business, that number jumped to 45% in 2024.

What's noteworthy, however, is that the number of respondents who say their organizations paid the ransom has been going down each year, from 44% in 2022 to just 20% in 2024.