Cloud Misconfiguration – 2023 Threat Prediction

According to a recent report, cloud misconfiguration accounts for 15% of cybersecurity breaches.

This is particularly frustrating when you consider that information technology should be aiding your organisation and not being used to hinder it. Cloud misconfigurations can occur from default system credentials, overly generous user permissions, with a lack of control around data usage and access being easily remediated, but many organisations struggle to identify where these problems exist. 

2023 And Beyond

As cloud environments become more complex and multi-cloud usage becomes more common, human error is more likely to cause cloud misconfigurations and cybersecurity breaches in 2023. A laser focus on ease of access often results in cybersecurity being an afterthought.  

Our View

Cloud misconfiguration errors can be caused by a lack of knowledge around the basic principles of configuring access privileges, compounded by the misplaced beliefs that cloud providers are responsible for total platform security. Compliance at initial set-up does not mean that your cloud systems continue to remain compliant in the future. New standards, changes to security features, and organic growth of your cloud infrastructure can easily put you back into a position of non-compliance. This is a continuous improvement process.  

“Mitigating cloud misconfiguration will continue to remain a daunting task for any organisation due to the ever-increasing sizes of cloud deployments, their complexity, and the cloud’s ever-changing landscape. The pandemic has seen the expansion of remote/hybrid work which makes it even more challenging to keep up with the threats to a cloud platform. There are security options already provided, however, these may not be enabled by default or tested before being rolled out within a production environment. Furthermore, these options change and are updated regularly. The lack of oversight due to human error will lead to further misconfigurations and will remain the main cause of cloud data breaches in 2023.” – Arjun Pednekar, CREST Fellowship and CTO of Cognisys.  

Mitigation Advice

  1. Automate security configuration checks to reduce human error.  
  2. Regular risk assessments should be conducted to understand and mitigate new risks due to changes in the landscape. 
  3. Conduct a third-party review of your baseline configuration from trusted cloud security experts. 
  4. Provide training to Cloud administrators on the awareness of security enhancements available within the platform. 
  5. Regular penetration tests and configuration review. Periodic review of the access rights and permissions assigned to cloud users 

For more information on how to mitigate this threat, get in touch with us at info@cognisys.co.uk.

Subscribe to receive the latest cyber insights

RECENT UPDATES

Wintro strengthens security foundation with ISO 27001 Certification via Digital Trust Accelerator

CASE STUDY

Wintro strengthens security foundation with ISO 27001 Certification via Digital Trust Accelerator

Learn how Wintro achieved their ISO 27001 with the Digital Trust Accelerator, boosting internal security and enterprise readiness.

The biggest cyber attacks and vulnerabilities from January 2024

NEWS

The biggest cyber attacks and vulnerabilities from January 2025

Insights and trends from recent cyber threats and vulnerabilities from January.

Investing in trust: The case for cyber security in ESG strategies

BLOG

Investing in trust: The case for cyber security in ESG strategies

Learn how aligning cyber security with ESG frameworks can build trust, drive stakeholder confidence, and transform security from a cost to a strategic investment.