Self-Inflicted Cloud Wounds Still The Top Risk In Cloud Security, New Report Finds

Cloud Security | Reports & Predictions | Threat Intelligence

New research by Dark Reading commissioned by Qualys, The State of Cloud & SaaS Security Report, reveals top cloud and SaaS security threats facing enterprises today.

Posted: Friday, Apr 04

KBI.Media
$
Self-Inflicted Cloud Wounds Still The Top Risk In Cloud Security, New Report Finds

Self-Inflicted Cloud Wounds Still The Top Risk In Cloud Security, New Report Finds

Qualys has released The State of Cloud & SaaS Security Report. The survey, commissioned by Qualys and conducted by Dark Reading reveals that human error remains the most prevalent cloud and SaaS security risk, despite the growing sophistication of attacker tactics.

The study draws on insights from over 100 security and IT practitioners. It reveals that 28% of organisations experienced a cloud- or SaaS-related data breach in the past year — meaning more than 1 in 4 enterprises were impacted. Even more alarming, 36% of those affected faced multiple breaches within a single year.

“The picture that emerged from the report is clear: the rapid pace of cloud-native adoption — from AI services to containerised apps — is outstripping many organisations’ ability to manage security risk,” said Shilpa Gite, Senior Manager, Cloud Security Compliance at Qualys. “Our findings reveal a pattern of recurring challenges – from misconfigurations leading to exfiltration risk, vulnerable assets exposed to the public internet, persistent ransomware threats, and compliance drift. As cloud environments become more dynamic and distributed, securing them requires more than traditional controls. The opportunity lies in embracing automation, policy-based enforcement, and attacker-like thinking — before risks turn into breaches.”

The State of Cloud & SaaS Security Report Highlights

Insight 1: Self-Inflicted Cloud Wounds Are Still the #1 Risk

Misconfigured cloud services continue to open doors for data breaches, and the rise of infrastructure as code (IaC) and AI-generated configurations is amplifying this risk. Alarmingly, 99% of Virtual Machines are non-compliant for MFA delete on Critical AWS S3 Buckets in the cloud. These errors, whether manual or automated, remain the top cause of cloud-related breaches and are often exploited through phishing and social engineering tactics.

Insight 2: Skill Gaps Undermine Incident Response

Despite investments in security tools, many organisations lack the cloud-specific skills needed to detect and respond to breaches. As attackers automate initial access and lateral movement through exposed APIs and credentials, security teams need deeper visibility and smarter automation. The report details real-world examples where exposed API keys and weak response workflows led to successful extortion and exfiltration attacks.

Insight 3: Containers and WebApps Are Expanding the Attack Surface

The shift to containerised workloads and modern web applications is introducing complex, ephemeral risks. Containers introduce more inter-process communication, expanded network exposure, and rapid lifecycle changes that make traditional controls obsolete. The report dives into practical strategies to lock down container environments and enforce policies before workloads go live.