This comes amidst a 50% increase in usage of cloud collaboration tools, says a WFH cloud adoption and risk report.
Between January and April 2020, overall enterprise adoption of cloud services spiked by 50%, use of cloud collaboration tools such as Microsoft Teams and Cisco WebEx increased by up to 600%, with the education sector seeing the most growth as more students were required to adopt distance learning practices.
That is nothing new by now, but the more interesting observation by a Cloud Adoption & Risk Report from McAfee is that threat events from external actors increased by 630% in that period.
Most of these external attacks targeted collaboration services like Microsoft 365, and were large-scale attempts to access cloud accounts with stolen credentials. Insider threats remained the same, indicating that working from home has not negatively influenced employee loyalty. Access to the cloud by unmanaged, personal devices doubled, adding another layer of risk for security professionals working to keep their data secure in the cloud.
Said Rajiv Gupta, senior vice president, Cloud Security, McAfee: “While we are seeing a tremendous amount of courage and global goodwill to overcome the COVID-19 pandemic, we also are unfortunately seeing an increase in bad actors looking to exploit the sudden uptick in cloud adoption created by an increase in working from home.”
Based on anonymized and aggregated data from more than 30 million McAfee MVISION Cloud users worldwide, the report reveals significant and potentially long-lasting trends that include an increase in the use of cloud services, access from unmanaged devices and the rise of cloud-native threats. These trends emphasize the need for new security delivery models in the distributed work-from-home environment of today–and likely the future.
“The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior. Mitigating this risk requires cloud-native security solutions that can detect and prevent external attacks and data loss from the cloud and from the use of unmanaged devices. Cloud-native security has to be deployed and managed remotely and can’t add any friction to employees whose work from home is essential to the health of their organization,” said Gupta.
With cloud-native threats increasing in step with cloud adoption, all industries need to evaluate their security posture to protect against account takeover and data exfiltration. McAfee offers the following neutral tips for maintaining a strong security posture include:
- Think cloud-first: A cloud-centric security mindset can support the increase in cloud use and combat cloud-native threats. Enterprises need to shift their focus to data in the cloud and to cloud-native security services so they can maintain full visibility and control with a remote, distributed workforce.
- Consider your network: Remote work reduces the ability for hub and spoke networking to work effectively with scale. Network controls should be cloud-delivered and should connect remote users directly to the cloud services they need.
- Consolidate and reduce complexity: Cloud-delivered network security and cloud-native data security should smoothly interoperate, ideally be consolidated to reduce complexity and total cost of ownership and increase security effectiveness and responsiveness.