By Ian Barker
According to a new survey, workloads run on in-house systems suffer 51 percent more security incidents than those on public cloud services.
The study from cloud security and compliance company Alert Logic analyzed more 2 million security incidents captured by its intrusion detection systems over 18 months.
It finds customers running applications on public cloud platforms experienced an average 405 security incidents over the period while on-premises customers experienced 612. Hosted private cloud had a 69 percent higher incident rate (684) and hybrid cloud a worrying 141 percent higher (977).
But while the public cloud is relatively safe, the results show that web applications expose companies to risk. Web application attacks accounted for 73 percent of all the incidents flagged in the 18-month evaluation period. These attacks affected 85 percent of all Alert Logic customers, with code injection attacks, such as SQL injection, leading the pack.
Vulnerabilities in widely-used third-party web application components, insecure coding practices and increases in exploit automation make content management systems and e-Commerce platforms a rich hunting ground for hackers targeting web applications. Attacks targeting Joomla accounted for 25 percent of total web application attacks observed, followed by WordPress with 10 percent and Magento with 7 percent.
"We focused our analysis on incident types and the workloads and environments most at risk," says Misha Govshteyn, senior vice president of technical and product marketing at Alert Logic. "Cyber attackers continue to seek the weakest spots in network defenses and businesses need to understand how they are refocusing to take advantage of the changing attack landscape."
Among other findings are that server-side ransomware is relatively scarce, accounting for only two percent of total recorded incidents.
You can read more in the full report available from the Alert Logic website.