Report: Cloud hackers are only 3 steps away from ‘jewel crown’ data

You can’t attend Transform 2022? View all summit sessions in our on-demand library now! See here.

The great acceleration in cloud The rollout prompted by the pandemic has continued unabated. Gartner predicts that worldwide spending on public cloud services will grow 20.4% to a total of $497.4 billion by 2022 and is expected to reach nearly $600 billion by 2020. 2023. This massive adoption comes with new security challenges.

To consider those challenges, Orca Security Research Pod analyzed cloud workloads and configuration data collected from billions of cloud assets across AWS, Azure, and Google Cloud between January 1 and July 1, 2022. find that in the rush to move resources to the cloud, organizations struggle to keep up with the ever-expanding cloud attack surface and increase the complexity of multiple clouds. The current shortage of network security skilled staff is making the situation worse.

Threat actors have a clear advantage as research finds that once they gain access to an organization’s cloud environment, they need only find three connected and exploitable weaknesses in the environment. cloud field to obtain “crown” assets, such as personally identifiable information (PII) or credentials that enable root access.

The top initial entry point that hackers exploit to get too close to crown data are known vulnerabilities (CVEs) that are not patched in time (78% of the attack path). This highlights the need for organizations to prioritize security patching. However, because fixing all vulnerabilities is simply not feasible, it is essential to strategically remediate by understanding which vulnerabilities pose the greatest danger to the company’s crown jewels. so they can be fixed first.


MetaBeat 2022

MetaBeat will bring together thought leaders to deliver guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

register here

Image source: Orca Security.

Research continues to show that organizations leave plenty of room for threat actors to progress down the attack path, as 75% have at least one asset that allows horizontal migration to another. And cyber attackers have more than enough time to complete the three steps as it takes organizations an average of 18 days to mitigate an impending compromise alert.

Research comments, Fernando Montenegro, senior principal analyst at Omdia, said: “The Orca Security Cloud Public Status Report is exciting because it highlights the broad range of issues affecting organizations currently. work in the cloud environment. Of particular note, it correctly addresses issues such as identifying sensitive resources, paying attention to identity and access considerations, and considering the different attack paths that attackers take. enemies can use. “

Orca Research Pod compiled this report by analyzing data collected between January 1 and July 1, 2022, from billions of cloud assets on AWS, Azure, and Google Cloud secured by the Platform. Orca cloud sweep.

Read Full report from Orca Security.

VentureBeat’s mission is a digital city square for technical decision-makers to gain knowledge of transformative enterprise technology and transactions. Explore our summary report.

Source link


Goz News: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, the World everyday world. Hot news, images, video clips that are updated quickly and reliably.

Related Articles

Back to top button