Getty Images

Cybersecurity Risks Spike Within Cloud-Based Apps, Report Shows

More than 400 distinct cloud applications delivered malware in 2022 as cloud adoption continues to rise, Netskope data shows.

Cloud adoption has been on the rise in the healthcare sector for years for good reason as more organizations lean into digital transformation. According to Vantage Market Research, the healthcare cloud computing market is expected to reach $128.19 billion by 2028, growing at a CAGR of 18.74 percent from 2021 to 2028.

But despite rapid adoption, cloud technologies are not immune to security threats.

According to new data from Secure Access Service Edge (SASE) company Netskope, more than 400 distinct cloud applications delivered malware in 2022. That figure is nearly triple the amount observed in 2021. Netskope leveraged anonymized usage data collected by its Netskope Security Cloud platform to inform its insights.

“Cloud malware delivery increased in 2022 after having remained constant in 2021, caused by an increase in the total number of apps abused to deliver malware and the quantity of malware downloads coming from the most popular apps,” the report noted.

“Microsoft OneDrive’s position as the most popular cloud storage app in the enterprise also meant that it continued to lead the charts in 2022 as the origin of the plurality of cloud malware downloads.”

In fact, 30 percent of the observed cloud malware downloads stemmed from Microsoft OneDrive alone, largely due to the fact that it is widely used around the world.

COVID-19 sparked a rise in remote work, which subsequently led to an increased reliance on cloud-based collaboration apps, Netskope suggested. According to Netskope’s data, 40 percent of people use OneDrive daily, and more than 25 percent of people upload content to OneDrive daily.

Healthcare experienced some of the largest increases in cloud malware downloads in 2022 compared to other industry verticals, along with the telecom and manufacturing sectors.

“Phishing, scams, credit card skimmers, exploit kits, and other malicious web content also continued to rise in 2022. Compromised sites, sites created using free hosting services, and fake websites hosting seemingly legitimate content have helped attackers disguise malicious web content, making it difficult to filter malicious content using URL categorization alone,” the report stated.

“The rise in cloud malware delivery and malicious web content underscores the importance of inspecting all content, from all destinations, for both web and cloud.”

Netskope recommended that organizations enforce granular policy controls to limit data flow, deploy cloud data protection, and use behavioral analytics to detect compromised accounts and devices. The company also recommended that organizations inspect all HTTP and HTTPS traffic, including traffic within cloud apps, for any evidence of malicious activity. 

A December 2022 KLAS report showed that security remains a top priority for health IT vendors when considering public cloud adoption. As more HIT vendors embrace both cloud infrastructures and cloud-based applications for day-to-day operations, it is crucial to consider security every step of the way.

In an analyst note, the HHS Health Sector Cybersecurity Coordination Center (HC3) detailed cloud security risks and urged healthcare organizations to address issues surrounding shadow IT, misconfiguration, and cloud hijacking.

“Threats facing the cloud can vary, but the biggest concerns exist with internal threats such as human error, external threats from malicious actors, and the infrastructure itself,” the analyst note stated.

“Since the cloud exists off-site the conventional methods of protection aren’t always effective. When protecting the cloud, we are attempting to secure the network, recover data, minimize human error, and reduce the overall impact of a compromise.”

Despite these concerns, cloud-based technology can have great benefits to healthcare organizations. However, it is crucial to balance these benefits with carefully considered security measures in order to mitigate risk.

Next Steps

Dig Deeper on Health data threats