While the convenience and ease of public cloud technology has had a major impact on enabling scalable business operations to work from anywhere and increase productivity everywhere, the risks around using cloud technology are still slowly being realized and calculated by many organizations as they become aware of vulnerabilities and associated risks.
A majority of organizations have concerning misconfigurations that cause critical risks to data and infrastructure. This stat is alarming because the majority of cyberattacks on public clouds have been revealed to be due to misconfigurations rather than vulnerabilities. Cloud misconfiguration errors related to public access to storage buckets, account permissions, password storage and management, etc., have led to the exposure of billions of records.
Beyond misconfigurations and vulnerabilities, compromised accounts make up for 97% of organizations who use privileged user access controls without Multi Factor Authentication (MFA) enforcement. Gaining privileged account access to the cloud can enable hackers to bypass detection and launch varying types of attacks, yet many organizations still don’t properly limit the privileges or access of servicing users and accounts or enforce MFA verification.
Additionally, 59% of organizations do not apply basic ransomware controls for cloud storage like MFA Delete and versioning. Amazon S3 Versioning enables multiple object variants to be kept in the same bucket so that when a file is modified both copies are saved for future recovery, comparison, and fidelity verification.
These figures show that organizations have to take responsibility for configuring and maintaining their own cloud environment. While cloud environments are covered under a shared responsibility for security with the service provider, the proper configuration of these environments is the responsibility of every organization.