According to the 2024 Tenable Cloud Risk Report, 38% of organizations in the Asia Pacific (Apac) face significant risks from a combination of misconfigurations, excessive permissions, and critical vulnerabilities, or what the exposure management company calls the “toxic cloud triad.”
“Any organization, no matter its size or industry, is at risk of a data breach if proper security measures aren’t in place,” Nigel Ng, SVP of Tenable APJ, said in a media advisory.
He emphasized the urgency of addressing the toxic cloud triad, saying it could lead to unauthorized access and control over crucial systems. The “toxic cloud triad” is a set of three cloud security risks that can cause serious data breaches and financial losses.
The report, based on an analysis of billions of cloud assets, found that many organizations have public cloud workloads that are both vulnerable and overexposed. For example, 74% of organizations have publicly exposed storage, often leaving sensitive data vulnerable to ransomware attacks. Also, 78% of businesses have publicly accessible Kubernetes servers, with many allowing inbound internet access.
Tenable also noted that 84% of companies use outdated or overly privileged access keys, posing an increased risk of credential misuse. Critical vulnerabilities such as CVE-2024-21626 remained unpatched in over 80% of cases, exposing systems to potential compromise.
To mitigate these risks, Tenable recommends businesses improve cloud visibility, limit user privileges, and patch critical vulnerabilities quickly.
“The toxic cloud triad is preventable,” said Ng, urging firms to take action to avoid severe breaches.