Report: Cloud hackers are only 3 steps away from ‘crown jewel’ data

by | Sep 16, 2022 | Technology

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

The massive acceleration in cloud deployment fueled by the pandemic has continued unabated. Gartner predicts that worldwide spending on public cloud services will grow 20.4% to total $497.4 billion in 2022 and expects it to reach nearly $600 billion in 2023. This massive adoption comes with new security challenges.

To examine those challenges, the Orca Security Research Pod analyzed cloud workload and configuration data captured from billions of cloud assets on AWS, Azure and Google Cloud from January 1–July 1, 2022. The findings show that in the rush to move resources to the cloud, organizations struggle to keep up with ever-expanding cloud attack surfaces and increasing multicloud complexity. The current shortage of cybersecurity skilled staff is further worsening the situation.

Threat actors have a clear advantage as the research found that once they gain access to an organization’s cloud environment, they only need to find three connected and exploitable weaknesses in a cloud environment to get to a “crown jewel” asset, such as personally identifiable information (PII) or credentials that allow root access.

The top initial access point that hackers exploit to get so close to crown jewel data are known vulnerabilities (CVEs) that are not patched promptly (78% of attack paths). This underscores the need for organizations to prioritize vulnerability patching. However, since it is simply not feasible for teams to fix all vulnerabilities, it is essential to remediate strategically by understanding which vulnerabilities pose the greatest danger to the company’s crown jewels so they can be fixed first.

MetaBeat 2022
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Article Attribution | Read More at Article Source

Share This