Nearly 90% of organisations suffer damage before containing security incidents

23% of cloud alerts are never investigated, as critical investigation and response gaps appear due to lack of visibility and control over cloud environments.

Monday, 27th May 2024, by Phil Alsop

Cado Security has published the findings of new research examining why organisations require a new approach to handle investigation and response in the cloud. The report, which considers the critical role and challenges of cybersecurity incident response (IR), reveals widespread shortcomings that leave organisations vulnerable to delays in resolving incidents. Nearly 90% of surveyed IT security decision makers admitted that their organisation had suffered damage before containing and investigating incidents. The primary contributing factor was a lack of visibility and control over cloud environments.

Worryingly, 43% of organisations have experienced significant damage from a cloud incident alert that didn't get investigated and 23% of cloud alerts are never investigated.

For those incidents that are investigated, 65% of respondents noted spending 3-5 days more on cloud investigations than on-premises, leaving them open to additional risk as attackers infiltrate networks.

As many as 93% of those surveyed highlighted that delays in resolving incidents were due to a requirement to request permission to access resources from the cloud team. This is concerning given that 92% stated that they have a formal process for cloud investigation in place.

36% of organisations reported that a lack of visibility and control over cloud environments was the biggest operational challenge when it comes to timely investigation and response to cloud-based threats. A lack of cloud-specific knowledge also contributed to this, with 34% of organisations reporting limited cybersecurity skills specific to cloud technologies.

Integration of security tools across multiple cloud platforms was also flagged by 45% as the top operational challenge when it comes to responding to cloud security threats, perhaps due to the 82% that confirmed having multiple tools/platforms in place to perform forensics investigations in the cloud. This makes investigating threats hugely challenging for 70% of those surveyed, as resources are impacted across multiple cloud providers.

"A robust incident response programme – especially one that extends to the next generation of technologies – is critical to safeguarding organisations against emerging threats," said James Campbell, CEO & Co-Founder at Cado Security. "Yet, as revealed in our latest report, organisations still lack streamlined incident response strategies for cloud environments. The findings reinforce that organisations urgently need to adopt new approaches to swiftly investigate and respond – not only to better address the risks, but also to comply with the complex and ever-changing incident response reporting mandates across the globe."

The good news is that those surveyed recognise where investigation and response automation can be improved and how AI and automation can benefit investigations going forward to make processes more efficient and avoid the risk of failed compliance and costly breaches. This is positive when 44% said data breaches and data loss incidents are the biggest challenge faced with cloud-based threats and 34% admitted to having been fined for not meeting regulatory requirements.

Looking forward, over half of respondents said cloud response platforms will better their visibility into cloud-based threats and risk and 95% believe AI will play a major role in cloud incident response in the next two years. Organisations are exploring various strategies to perform investigation and response in cloud environments. Naturally, security teams have attempted to leverage existing tools, such as SOAR (Security Orchestration, Automation, and Response) platforms to address these challenges. However, the findings indicate that incident response automation is twice as effective as SOAR for cloud investigations.

Positively, 77% expect the overall annual IT security budget for cloud forensics and incident response to increase in 2024, and 83% of organisations have a budget for cloud forensics.

“Whilst there is still a way to go, it seems businesses are taking steps in the right when it comes to investigation and response automation and are investing in the right places with almost 40% recognising that cloud response platforms will minimise the costs associated with investigations, not to mention the savings associated with the cost and repercussions of a data breach”, added Campbell.
