Enterprises by and large are not properly responding to the threats posed by hackers targeting the cloud, and the number of cyberattacks are only going to continue rising, according to a new report.
Cloud security firm RedLock says in a new report that companies continue to neglect cloud security policies, in part, because of sloppy business behavior. According to the report, more businesses are exposing critical data, neglecting to shore up vulnerabilities in the cloud and are failing to pay attention to how risky users are putting them at risk.
“Defending today’s complex public cloud computing environments requires a sophisticated approach,” the security team at RedLock concluded in the report, likening the ongoing struggle to defend the cloud from hackers to battles waged in HBO’s Game of Thrones. “The absence of a physical network boundary to the internet combined with the risk of accidental exposure by users with limited security expertise, increases the attack surface in the cloud by orders of magnitude.”
The RedLock team studied threats across public cloud computing from June to September as part of its annual cloud security report.
According to the report, 53 percent of organizations using public cloud storage providers like Amazon, Microsoft or Google have inadvertently exposed one or more services to the public. That’s an increase of 13 percent since May, the report notes, adding that data exposures are one the uptick despite a growing awareness.
“Organizations simply cannot rely on security awareness trainings for user to avoid these kind of mistakes,” the report said.
In addition, cloud vulnerabilities are continually being neglected. More than 80 percent of companies are not properly managing host vulnerabilities in the cloud, according to the report, which cited the Equifax data breach as an example of an unpatched vulnerability that gave hackers an path to steal data. In some cases, the report notes, companies are using vulnerability scanning tools but are failing to map the data to create a picture of the cloud-based threats.
Data leaks at enterprises are also on the rise, according to the report. The RedLock team discovered that 250 organizations were “leaking access keys and secrets for their cloud computing environments on internet-facing web servers,” which was at the root of a massive Viacom data breach.
The cloud security firm also highlighted that organizations are not properly responding to “risky users flying under the radar.” According to the report, 38 percent of organizations have active user accounts that have potentially been compromised.