IBM’s security arm, X-Force, released their latest Cloud Security Threat Landscape report for Q2 2020 to Q2 2021.
They said that two out of three breached cloud environments observed by them would likely have been prevented by more robust hardening of systems, such as better software security practices (called policies) and better patching.
They also said that when they sampled cloud environments during penetration testing, in every case they found issues with either credentials or policies.
They also said that API configuration and security issues, remote exploitation and accessing confidential data were common ways for threat actors to take advantage of lax cloud security.
The researchers said that they believe that over half of recent breaches come down to shadow IT – software that is not managed by IT.
Misconfiguration, API errors or exposure, and other bad cloud security practices have led to a booming market for access to cloud environments. According to IBM, 71% of ads listed in an underground forum – out of close to 30,000 ads – offer remote desktop access for criminal purposes.
Is your cloud environment secure? Are you sure?