Human error and complex deployments are among the major cybersecurity threats in organizations, based on the findings of cloud security firm Trend Micro Inc. (Trend Micro) in its latest research.
Almost all, if not all, organizations anywhere in the world are now using the cloud is some form or the other. It means that security risks are higher because hackers could easily infiltrate websites and cloud-based networks that contain corporate or consumer data. However, as cloud platforms become more prevalent, IT and DevOps teams face additional concerns and uncertainties related to securing their cloud instances.
Researchers probed into key security weaknesses across critical areas of cloud-based computing. Trend Micro’s report reaffirms that “misconfigurations” are the primary cause of cloud security issues. Trend Micro Cloud One Conformity identifies 230 million misconfigurations on average each day, proving this risk is prevalent and widespread.
Have you read “Trend Micro creates factory honeypot, traps malicious attackers“?
“Cloud-based operations have become the rule rather than the exception, and cybercriminals have adapted to capitalize on misconfigured or mismanaged cloud environments,” said Greg Young, VP of cybersecurity for Trend Micro. “We believe migrating to the cloud can be the best way to fix security problems by redefining the corporate IT perimeter and endpoints. However, that can only happen if organizations follow the shared responsibility model for cloud security. Taking ownership of cloud data is paramount to its protection, and we’re here to help businesses succeed in that process.”
Hackers have been looking and exploiting misconfigurations then attack networks with various strategies including, but not limited to, cryptomining, e-skimming, data exfiltration, and ransomware.
Trend Micro also found that online tutorials may pose risks to some businesses “leading to mismanaged cloud credentials and certificates.”
Trend Micro recommends several best practices to help secure cloud deployments:
Employ least privilege controls: restricting access to only those who need it.
Understand the Shared Responsibility Model: Although cloud providers have built-in security, customers are responsible for securing their own data.
Monitor for misconfigured and exposed systems: Tools like Conformity can quickly and easily identify misconfigurations in your cloud environments.
Integrate security into DevOps culture: Security should be built into the DevOps process from the start.