“Is the cloud more or less risky than on-prem? How do we even make those determinations?” Wade Baker, co-founder of Cyentia Institute, and a leading data whisperer for cybersecurity risk going back to his days running the authoritative Data Breach Investigation Report (DBIR), asked those top-of-mind questions in his session at the recent 2023 FAIR Conference. “There’s not a straight-out answer,” he said, but mining the data can give any organization an idea of what variables to consider in assessing risk posture in the cloud.
Watch Wade’s session on cloud risk at FAIRCON23
Is It Raining Risk? What Data says about Cyber Risk in the Cloud
A FAIR Institute free membership required to view. Join now!
Some key points from Wade’s presentation, which drew on recent Cyentia research publications:
>>There’s no indication cloud environments are inherently less secure than on-prem. Organization characteristics and risk management capabilities are the bigger determinants in the comparison.
>>Organizations with cloud-heavy architectures tend to report higher achievement of resilience outcomes. But the evidence also suggests the early to mid stages of cloud migration may erode resilience.
>>The majority of firms have exposures allowing attackers to pivot between on-prem and cloud environments. Attack paths to compromise critical assets in clouds tend to be shorter with fewer choke/control points.
For more cybersecurity risk data, see the FAIR Institute’s 2024 Annual Cyber Risk Report.
