Incident Response Survey Reports Critical Gaps Fueled by Lack of Visibility and Control Over Cloud Environments

Cado Security, provider of the first investigation and response automation platform, today announced the findings of new research examining why "Organizations Require a New Approach to Handle Investigation and Response in the Cloud." The report, which explores the critical role and challenges of incident response, reveals widespread shortcomings that leave organizations vulnerable to delays in resolving incidents and an inability to comply with and meet regulatory demands. The primary contributing factor is a lack of visibility and control over cloud environments.

"A robust incident response program – especially one that extends to the next generation of technologies – is critical to safeguarding organizations against emerging threats," said James Campbell, CEO & Co-Founder at Cado Security. "Yet, as revealed in our latest report, organizations still lack streamlined incident response strategies for cloud environments. The findings reinforce that organizations urgently need to adopt new approaches to swiftly investigate and respond – not only to better address risk, but also to comply with the complex and ever-changing incident response reporting mandates across the globe."

Key findings, which Cado Security covers in detail within the report, include:

  • Traditional incident response approaches are complex and time-consuming, leading to a gap between event detection and investigation that results in damage. Nearly 90% of organizations suffer damage before containing and investigating incidents. Organizations report that 23% of cloud alerts remain uninvestigated due to various challenges and complexities.
  • A primary contributing factor to investigation delays was the lack of visibility and control over cloud environments, fueled by the following operational challenges: 82% of organizations report the need to use multiple platforms and tools to perform investigations in the cloud. Further, 34% of organizations report limited cybersecurity skills specific to cloud technologies.
  • As regulatory reporting requirements evolve, organizations are challenged by their increasing scope and by staying abreast of new regulations. 42% of organizations report that the main compliance challenge beyond cloud adoption is the lack of visibility into data, and 34% of respondents have been fined for not meeting regulatory requirements.

Looking Forward

  • Organizations are Enhancing Their Cloud Investigation Capabilities: As organizations migrate to the cloud, they must adopt new technologies to better secure against evolving threats. The report uncovered that organizations have slightly improved their ability to handle cloud investigations, with respondents reporting that 23% of cloud alerts are never investigated, compared to over 33% in 2021.
  • Organizations Have Budgeted for Cloud Forensics: The visibility challenges associated with investigation and response in the cloud have organizations increasingly turning to forensics tools. To this end, 83% have allocated a budget for cloud forensics, emphasizing the growing importance of forensics capabilities in managing cloud security.
  • Future Strategies for Cloud Investigation and Response: As organizations attempt to lean on existing tools, such as SOAR (Security Orchestration, Automation, and Response) platforms, to gain visibility into cloud-based threats, the report found that incident response automation is twice as effective when compared to SOAR for cloud investigations. While prioritizing the implementation of automation is essential, this automation must be customized explicitly for incident response rather than applying general automation solutions.

Methodology: The survey of over 300 security leaders and decision-makers working in organizations based in the United States and the United Kingdom was conducted in collaboration with TrendCandy. Survey participants had to use public clouds, such as AWS, Azure, and GCP, for business operations, hold a position at manager level or above, work within information security or cybersecurity, and be involved in cloud security.

To learn more about the findings and download the full report, visit https://www.cadosecurity.com/2024-survey-report.

About Cado Security

Cado Security is the provider of the first investigation and response automation platform focused on revolutionizing incident response for the hybrid world. Cado significantly reduces response times by automating the capture, processing, and analysis of data residing in cloud, container, serverless, SaaS, and on-premises environments. Only Cado empowers security teams to add critical context to everyday security investigations on any system. Anywhere. Anytime. Backed by Eurazeo, Blossom Capital, and Ten Eleven Ventures, Cado Security has offices in the United States and United Kingdom. For more information, please visit www.cadosecurity.com or follow us on Twitter @cadosecurity.

Michelle Yusupov Hi-Touch PR 443-857-9468 yusupov@hi-touchpr.com