Cloud security has grown into a major issue for enterprises, as only one company in six encrypts all data, according to a Bitdefender survey. While 85% of CISOs fear security flaws in the public cloud, as many as 51 percent of enterprises don’t properly secure their cloud storage services, according to RedLock, leaving their data exposed to hackers.
Just last month, some 48 million personal profiles scraped by LocalBlox for advertising purposes from websites including Facebook, LinkedIn and Twitter were accessible to anyone on the internet due to configuration errors in Amazon Web Services (AWS) S3 buckets. And this was not an isolated case; the Pentagon, Tesla, Verizon and Dow Jones are among other organizations that have also fallen victim to data breaches as a result of security loopholes in their cloud storage services.
A single vulnerable application on the server is enough to give cybercriminals a perfect entry point. Cloud storage services along with SAAS/webmail providers are among the most targeted by phishing campaigns, especially in the finance sector, found the Anti-Phishing Working Groups.
A malicious actor can take advantage of misconfigured settings to get unauthorized access to the infrastructure and compromise it. In the past year, 51 percent of enterprises did not properly secure their cloud storage services, RedLock found. Organizations are excited about cloud services because they allow them to back up large amounts of big data at smaller rates. Even though businesses are widely adopting the cloud, they completely neglect security and privacy, allowing the attack surface to expand. Cryptojacking incidents, for instance, have grown by 8 percent in Q2 2018, with 25 percent of companies reporting this type of attack.
Some servers don’t even have passwords, not to mention more sophisticated security layers, which is probably why 27 percent of companies, including Uber, Tesla, OneLogin, Aviva, and Gemalto, confirmed their accounts and sensitive information were compromised, according to the same research. What’s more, some 24 percent are exposed to major security risks because their public cloud has not been patched. Over the past 12 months, vulnerabilities in cloud security infrastructure have already compromised MongoDB, Elasticsearch, Intel and Drupal, and more will follow because companies opt for hybrid cloud strategies that require a sophisticated security architecture.
“We understand why there might be fatigue with endless reports on IT infrastructures that lack adequate security, and there are signs that corporations are stepping up initiatives to minimize vulnerabilities, but there’s definitely more to do,” said Gaurav Kumar, CTO of RedLock and head of the CSI team.
“That’s why this report not only shines a light on emerging dangers but also offers concrete advice on how best to ward off attacks. Cloud computing environments bring tremendous flexibility and great economies of scale, but those advantages are meaningless without top-level security. This is a constant and shared responsibility.”Corporate databases are not properly encrypted. The industry did not really need a study to determine this, but some validation is always welcome to hopefully make enterprises more security-conscious. With GDPR right around the corner, it appears more companies are struggling to secure their networks to be compliant and fend off incidents.