Cybersecurity firm Check Point Software Technologies' ‘2024 Cloud Security Report’ shows a critical surge in cloud security incidents, with 61% of organisations reporting significant disruptions, compared with 24% in 2023.

This sharp rise underscores the risks associated with cloud environments and emphasises the urgent need for enhanced security frameworks that prioritise comprehensive visibility and proactive threat management, the report states.

Of the respondents, 16% said they had experienced no incidents, but 23% were either unsure or unable to disclose details about these incidents, which suggests a concerning lack of visibility and control over cloud security, which could exacerbate the risk of undetected breaches.

“To address these increased incidents and blind spots, organisations should adopt a prevention-first approach, ensuring security measures are proactive rather than reactive.

“Leveraging advanced, AI-supported security solutions can aid in anticipating and mitigating potential threats before they result in significant damage, aligning with an industry-wide shift towards more preemptive security strategies,” Check Point said.

However, the report also showed that the adoption of Cloud-Native Application Protection Platforms (CNAPP) is growing, with 25% of organisations having already implemented CNAPP solutions.

This trend reflects a strategic move towards integrating comprehensive security measures that combine prevention, detection and response capabilities, it noted.

CNAPP should be the cornerstone of any cloud security strategy, as it unifies Cloud Security Posture Management (CSPM), Cloud Workload Protection, Cloud Infrastructure Entitlement Management, Cloud Detection and Response, and Code Security, making it much easier to automate processes and reduce manual inefficiencies.

“Tailoring cybersecurity strategies to the specific types of incidents encountered in cloud environments is critical for effectively addressing prevalent threats, and this is particularly relevant for 2024 and beyond,” the company said.

While in previous years, misconfigurations were the leading enabler for security incidents and the focus for most organisations, this year, 21% of organisations reported data security breaches as the main enabler for cybersecurity incidents.

Further, misuse of cloud services, noted by 17% of respondents as an enabler for security incidents, indicates significant exploitation of cloud resources for malicious purposes. Configuration and management errors were reported by 12% of respondents as an enabler for security incidents, which is lower than the prior year.

“Although CSPM has become a common security practice for many organisations, aimed at ensuring the implementation of appropriate policies and controls to identify misconfigurations, the rising number of data breaches highlights the necessity of prioritising the protection of cloud assets that contain sensitive data.

“Adding security components, like Data Security Posture Management, offers security teams added visibility as to where sensitive data lives, who has access to it, and how it is being used,” the report stated.

Additionally, an overwhelming 96% of survey respondents are concerned about their capacity to manage these risks, with 39% being very concerned.

This highlights the significant pressure on scarce resources and underscores the need for more proactive security solutions, Check Point said.

BARRIERS
Rapid technological change was reported as a barrier to improving cloud security by 38% of respondents, and the lack of skilled personnel was cited by 37% of respondents. This underscores the difficulty in keeping pace with evolving threats and the technology designed to combat them.

Organisations are struggling with keeping current cybersecurity skills sharpened. The survey findings highlight the challenge many organisations face in recruiting new cybersecurity expertise, with a significant 76% of respondents reporting a shortage of skilled cybersecurity professionals, Check Point added.

Additionally, 36% of participants identified poor integration and interoperability between security solutions as a major challenge, indicating that a cohesive security environment could significantly enhance defensive capabilities, the report highlighted.

“To overcome these barriers, organisations should consider advanced training and development of existing staff to close the skills gap, as well as consulting services to further assist with integrating security solutions across their various tools and platforms and free up constrained resources,” Check Point advised.

AI ADOPTION
Meanwhile, a majority, or 91%, of respondents consider AI a priority, illustrating a significant lean towards adopting AI-driven solutions within their cybersecurity strategies. This also marks a significant shift towards adopting AI-driven technologies for proactive threat prevention.

“This substantial focus underscores the growing reliance on AI to augment security measures, driven by AI’s capability to analyse large data sets rapidly, detect anomalies, and predict potential threats with a level of precision and speed unattainable by human analysts alone,” Check Point said in the report.

Organisations should consider elevating AI’s role within their cybersecurity strategies, particularly by leveraging AI-powered tools like proactive Web application firewalls and advanced network security systems.

These AI-enhanced tools can dramatically improve the detection and prevention of sophisticated cyberthreats, especially zero-day attacks, by continuously learning and adapting to new threats, Check Point advised.

CONSISTENT STANDARDS
The complexity of maintaining consistent regulatory standards in hybrid or multi-cloud architectures becomes apparent in the report's findings, as 54% of respondents grapple with ensuring compliance and cloud governance across diverse environments.

Additionally, nearly half, or 49%, struggle with integrating cloud services into ageing legacy systems, a task complicated by scarce IT resources, which can hinder effective and secure integration.

“The data in the report speaks volumes about the urgent need for organisations to shift their focus towards implementing AI-powered threat prevention measures,” said Check Point Software Technologies chief strategy officer Itai Greenberg.

“With 54% of respondents focusing on threat detection, adopting a prevention-first CNAPP can shift the approach from reactive to proactive. This minimises alerts and incorporates preventative measures, significantly reducing the volume of risks needing attention by scarce security analysts.

“By adopting a consolidated security architecture and enhancing collaborative security operations, businesses can preemptively tackle emerging threats, ensuring a more secure and resilient cloud environment,” he said.