Hackers Increasingly Exploiting Cloud Misconfigurations
When Covid-19 exploded on the scene, companies rushed to send employees to work from home. In order to make essential business systems and applications available to remote workers, they also in some cases moved quickly to cloud based deployments.
To support these legions of remote workers and give them access to the applications they need to do their jobs, IT teams rapidly “lifted and shifted” applications from on premise to the cloud and may not have properly configured and secured the cloud based applications.
Companies who prior to the pandemic had some employees work from home usually only allowed it on properly secured company devices over a separate secure wi-fi connection. However, many remote workers are now are using personal devices to log on to the network and in some cases over unsecured WIFI; the attack surface has grown exponentially. Malicious actors know this and look to exploit these vulnerabilities.
Security Risks Due to Cloud Misconfigurations Exacerbated by Pandemic
Prior to the COVID-19 outbreak, companies were already at risk when moving to adopt cloud services due to not properly configuring and securing cloud environments. According to DivvyCloud research, nearly 33.4 billion records were exposed in breaches due to cloud misconfigurations in 2018 and 2019, amounting to nearly $5 trillion in costs to enterprises globally.
As organizations are now moving to the cloud in record numbers, and doing so quickly to support employees working from home, the number of cloud-related breaches is accelerating as attackers increasingly exploit misconfiguration issues, leading to increased costs and exposure of valuable information. This trend is expected to continue as more organizations move to the cloud.
Lack of Planning Leaves Organizations Wide Open For Security Breaches
A recent survey by Fugue.com revealed that “84% are concerned about new security vulnerabilities created during the swift adoption of new access policies, networks, and devices used for managing cloud infrastructure remotely.” The study goes on to say that cloud misconfiguration remains the number one cause of data breaches in the cloud. And, that knowing cloud infrastructure is secure at all times is already a major challenge for even the most sophisticated cloud customers and the current crisis is compounding the problem.
73% still rely on manual processes to detect and resolve misconfigurations
The Fugue study goes on to say that malicious actors use automation tools to scan the internet to find cloud misconfigurations within minutes of their inception, yet most cloud teams still rely on slow, manual processes to address the problem. 73% use manual remediation once alerting or log analysis tools identify potential issues, and only 39% have put some automated remediation in place. 40% of cloud teams conduct manual audits of cloud environments to identify misconfigurations.
This reliance on manual methods can lead to analysts overlooking or not focusing on the most important issues. Despite detections of cloud misconfigurations being uploaded to a log management and security analytics platform (SIEM) every 15 minutes, most are often overlooked by security analysts unless they are perceived to be highly important.
Secure Cloud Migration Needs AI Assisted SOAR
Now is the time to shore up security for cloud based applications and working from home, as many organizations are not rushing to bring workers back to the office. Given that hackers use automation tools to find and exploit misconfiguration almost as soon as they’re created, manual processes can not provide a proper defense. When adopting cloud services, companies also need to implement proper security measures with real time threat monitoring and intelligent automated incident response.
DTonomy’s AI Assisted Security Orchestration Automation and Response (SOAR) provides automated workflows for cloud security detection and remediation to keep up with cloud threat activity. Built in playbooks that leverage industry standards allow close monitoring of all cloud configurations such as S3 storage buckets, a popular place for attackers to exploit. Automated playbooks enable teams to discover, investigate and automatically take action and mitigate risk. A single easy to use platform enables more efficiency and collaboration across teams.
Don’t take our word for it …. schedule a demo to see it live!
