Originally published on Disaster Recovery Journal
The world’s cloud computing market is expanding at a high speed. If it continues its current pace, it will grow from $626.4 billion in 2023 to $1.26 trillion by 2028, according to MarketsandMarkets. That’s a compound growth rate of more than 15% per year. As a result, it’s also driving growth in other technology markets, such as AI, IoT, and software, which depend on the innovative and dynamic nature of the cloud.
Together, they promise to propel humanity towards a truly digital dawn.
However, these expansions have also led to an explosion in cybercrime. According to the 2023 Thales Cloud Security Study, nearly half (46%) of businesses suffered a data breach in their cloud environment last year. Unless security strategies find a way to adapt, and soon, things might get exponentially worse.
Let’s look at some of the most high-profile cyber breaches of 2023 and see if we can improve our cybersecurity cloud strategies for 2024.
2023 Cyber Breaches
Despite the rising trend of cloud adoption among small and medium-sized businesses, large enterprises remain the primary drivers of the industry’s immense growth. This also means they remain the most valuable targets, as their services impact millions of people – and any disruption or theft will have far more significant consequences.
Here are three examples of such breaches from 2023:
- T-Mobile: one of the largest wireless carriers in the U.S. At the start of 2023, a bad actor managed to access the accounts and personal, sensitive information of T-Mobile’s 37 million customers. The API attack began in 2022, but it took the company several months to discover and deal with the breach.
- Progress MOVEit Transfer: the third-party web transfer application suffered a devastating data theft, considered by many to be the most severe attack of the year. The internal investigation revealed the attack impacted 77 million individuals and 2,630 organizations, including Shell, the Department of Motor Vehicles of several states, and the U.S. Department of Energy.
- Toyota: in the summer, bad actors used a misconfiguration in Toyota’s cloud environment to expose the data of 260,000 customers in Japan and elsewhere. Later, Toyota revealed this data had been exposed since February 2015.
Is the Public Cloud a Liability?
Evidently, the need to strengthen security posture strategies to mitigate cyber-attack risks and data breaches in 2024 cannot be understated.
As businesses adapt to the digital world and eagerly appoint cloud technologies, they must remember that despite its many benefits, risks and vulnerabilities still exist. Especially for those organizations which rely heavily on public cloud services, as many security incidents of 2023 once again highlighted vulnerabilities of such cloud infrastructures.
Experts agree the rapidly expanding public cloud market and constantly evolving public cloud products can be sources of security threats. The multi-tenant nature of public cloud infrastructure increases the attack surface area, as many users are sharing hardware, resulting in the potential for more vulnerable or even malicious code to arise.
The Return of the Private Cloud
Given the vulnerabilities of the public cloud, some of which are inherent to its infrastructure, and the increasing threats from cybercriminals, many companies believe it’s time to regain control over the cloud and choose a more secure solution.
One of the most reasonable directions here can be a private cloud. The private cloud offers a single-tenant infrastructure on dedicated hardware, significantly improving security and offering a more customizable security suite.
There’s already a trend of cloud migration, where companies are moving their sensitive data and workloads to the private cloud. As a result, the private cloud market is estimated to grow by nearly 30% between 2022 and 2029, reaching a total value of over $528 billion.
Meeting in the Middle
However, this doesn’t mean the public cloud will see a decline in 2024 – quite the opposite. According to last year’s studies, many businesses are adopting a hybrid cloud architecture using both public and private cloud services.
A hybrid cloud infrastructure allows organizations to cherry-pick the best of both worlds, usually by building an infrastructure with the security of the private cloud coupled with the scalability of the public. This way, they also distribute their risks across different platforms to strengthen their security.
2023 showed us the dangers of taking cloud cybersecurity lightly. It also spotlighted the security risks that come with blindly relying on public cloud services. The best advice is to consider one’s cloud strategy and solution carefully. Approach it strategically and align the company’s business and cybersecurity needs with the right cloud solutions. Because if 2023 is any indication, it will be a busy year for cybersecurity teams.
