Cloud Incident Response Blog | Cado Security

ESG Research Reveals 89% of Companies Negatively Impacted by Cloud Cyber-Attacks Prior to Full Investigation

Written by jbowen@cadosecurity.com | Nov 16, 2021 2:00:13 PM

We're excited to unveil new cloud digital forensics research in collaboration with ESG. As cloud attacks continue to rise in number and sophistication, 79% of organizations realize the need for a new set of technologies to better enable them to investigate cloud incidents. However, many still rely on the traditional tools and methodologies they're familiar with. As a result:

  • 64% say it takes too much time to collect and process data to perform a timely investigation (on average, it takes organizations 3.1 days to begin an investigation);
  • 89% of organizations experienced a negative outcome in the time between detection and investigation; and
  • 35% of cloud security alerts are not investigated.

While the challenges associated with performing in-depth investigations have given attackers an advantage, 85% of organizations will increase spending on cloud digital forensics over the next 12 months, in an effort to mature their cloud security strategy. Further, 80% of those organization that currently outsource digital forensics and incident response, wish to bring it in house.

To read the report, “Organizations Demand a New Approach to Digital Forensics,” please visit here.

The full press release can be found below:

New ESG Research Reveals 89% of Companies Negatively Impacted by Cloud Cyber-Attacks Prior to Full Investigation

Seventy-four percent of security leaders and incident responders say their organizations need more data and context to conduct cloud investigations; 35% of cybersecurity alerts are ignored

LONDON – November 16, 2021 – Cado Security, provider of the first and only cloud-native digital forensics platform, today released new research from ESG that found that 89% of companies have experienced a negative outcome in the time between detection and investigation of a cyber-attack on their cloud environments. The research further revealed that it takes an average of 3.1 days to begin an investigation of a known cloud breach after data capture and processing.

Based on a survey of 150 security professionals, “Organizations Demand a New Approach to Digital Forensics” examined the challenges and current maturity level of digital forensics and incident response (DFIR) of cyber-attacks on cloud environments. It found that organizations are approximately 4x more likely to say both their cloud DFIR capabilities are less mature and cloud investigations are harder to conduct relative to traditional environments. As a result:

  • 74% of security professionals say their organizations need additional data and context to conduct forensics investigations in cloud environments;
  • 64% say it takes too much time to collect and process data to perform a timely investigation; and
  • 35% of cloud security alerts are not investigated.

“The rapid move to the cloud is clearly outpacing security teams' ability to adapt their capabilities to respond to attacks within cloud-native environments,” said Doug Cahill, vice president and senior analyst at ESG. “In particular, this research reveals that digital forensics capabilities in cloud environments are more nascent, and investigations are more difficult compared to traditional environments. Because of this challenge, 85% of organizations we surveyed plan to increase spending on cloud-native digital forensics solutions over the next 12 months.”

Further complicating the challenge of investigating cloud security incidents is the accelerating use of containers. ESG found that 91% of organizations currently use or plan to use containers for production applications in the next 12 months, but 50% believe post-mortem analysis of container-based incidents is impossible. These resources spin up and down continuously. If malicious activity occurs between the time one is spun up and down, that data is lost forever.

The research also examined the top priorities for security teams to better enable digital forensics investigations in their organizations’ cloud environments. Sixty-five percent of respondents cited the need to develop cloud skills within security operations teams, while 60% stated the need to develop a better understanding of the threats targeting cloud environments.

“Detection platforms help ensure security teams are quickly alerted of malicious activity in the cloud, but when it comes to incident response, this is only the tip of the iceberg,” said James Campbell, CEO and co-founder of Cado Security. “This research provides clear evidence of a huge gap in the market, as 79% of organizations recognize the need for cloud-specific digital forensics controls, yet they rely on legacy forensic tools not optimized for the cloud. This is driving strong demand for our Cado Response platform.”

The Cado Response Platform empowers security professionals to understand the root cause and impact of compromises quickly and precisely. The platform automates data capture across cloud and container environments, while also supporting traditional, on-premises systems. Its patent-pending architecture scales up and down to provide rapid processing when needed and save costs when not. Its analytics engine is powered by machine learning and threat intelligence to make investigations easier for analysts by adding context and awareness to the data. The Cado approach cuts the time to conduct a full investigation in half by providing security teams with 100% of the data and information they need to respond to breaches faster.

To download the report, “Organizations Demand a New Approach to Digital Forensics,” please visit here. In addition, ESG senior analyst Dave Gruber will discuss the research findings with Cado Security during a live webinar on Tuesday, November 16, 2021, at 3:00 PM ET. To register, please visit here.