Alert Logic has released the 2017 Cloud Security Report which analyzes real-world security data to identify cyber-attack trends in attacker behavior and security practices. The report findings are based on data from more than 3,800 cloud, on-premises, and hybrid cloud customers and more than two million security incidents was analyzed over an 18-month period.

Customers in the report data set represent a broad range of industries (452 unique SIC codes) and organization sizes, from small-to-medium-sized businesses to large-scale enterprises. Eighty two percent of customer deployments analyzed hosted workloads in the cloud – either on an Infrastructure-as-a-Service platform or hosted private cloud – and approximately one-third maintained on-premises or cloud hybrid infrastructure.

The report focuses predominately on OWASP Top 10 attack methods, while examining three other significant categories of attack methods – brute-force attacks, server-side ransomware, and undesirable outside reconnaissance. Key finding in the report indicate that: web applications are the soft underbelly of organizations; pure public cloud installations experienced the fewest security incidents; server-side ransomware represented only 2 percent of total incidents; and bad actors like content management systems and e-Commerce platforms.

The report also examines five industry verticals – Finance Services and Insurance; Health Services; Information Technology and Services; Production, Manufacturing, and Logistics, and Retail and Accommodation – to pinpoint prevalent attack vectors and patterns within those sectors.

The complete 2017 Cloud Security Report is available for download from Alert Logic.