The massive acceleration of cloud deployment, fueled by the pandemic, has continued unabated. Gartner predicts global public cloud services spending will grow 20.4% by 2022 to total $497.4 billion, and expects it to reach nearly $600 billion by 2023. This mass adoption brings new security challenges.
To explore those challenges, the Orca Protection Research Pod analyzed cloud workload and configuration data captured from billions of cloud assets on AWS, Azure, and Google Cloud from January 1 to July 1, 2022. The findings show that organizations, in the rush to move resources to the cloud, are struggling to keep up with ever-expanding cloud attack surfaces and increasing multi-cloud complexity. The current shortage of skilled cybersecurity personnel further exacerbates the situation.
Threat actors have a clear advantage: the research found that once they access an organization’s cloud environment, they only need to find three connected and exploitable vulnerabilities to arrive at a “crown jewel” asset, such as personally identifiable information (PII) or credentials that allow root access.
The most common initial entry point on the path to crown jewel data is a known vulnerability (CVE) that has not been promptly patched (78% of attack paths). This underscores the need for organizations to prioritize patching vulnerabilities. Because it is simply not feasible for teams to fix all vulnerabilities, it is essential to remediate strategically by understanding which vulnerabilities pose the greatest threat to the company’s crown jewels so that they can be fixed first.
The research further shows that organizations leave many opportunities for threat actors to advance along the attack path, as 75% have at least one asset that allows lateral movement to another asset. Attackers also have plenty of time to complete the three hops, as organizations take an average of 18 days to mitigate a warning of impending compromise.
Commenting on the survey, Fernando Montenegro, senior principal analyst at Omdia, said: “Orca Security’s State of Public Cloud Security report is interesting because it highlights the scope of the issues organizations are now facing with cloud environments. Of particular importance is that it rightly raises issues such as identifying sensitive resources, paying attention to identity and access considerations, and considering the various attack paths an adversary may use.”
The Orca Research Pod compiled this report by analyzing data captured between January 1 and July 1, 2022, from billions of cloud assets on AWS, Azure, and Google Cloud scanned by the Orca Cloud Security Platform.
Read the full report from Orca Security.