Cloud Misconfiguration – 2023 Threat Prediction

According to a recent report, cloud misconfiguration accounts for 15% of cybersecurity breaches.

This is particularly frustrating when you consider that information technology should be aiding your organisation and not being used to hinder it. Cloud misconfigurations can occur from default system credentials, overly generous user permissions, with a lack of control around data usage and access being easily remediated, but many organisations struggle to identify where these problems exist. 

2023 And Beyond

As cloud environments become more complex and multi-cloud usage becomes more common, human error is more likely to cause cloud misconfigurations and cybersecurity breaches in 2023. A laser focus on ease of access often results in cybersecurity being an afterthought.  

Our View

Cloud misconfiguration errors can be caused by a lack of knowledge around the basic principles of configuring access privileges, compounded by the misplaced beliefs that cloud providers are responsible for total platform security. Compliance at initial set-up does not mean that your cloud systems continue to remain compliant in the future. New standards, changes to security features, and organic growth of your cloud infrastructure can easily put you back into a position of non-compliance. This is a continuous improvement process.  

“Mitigating cloud misconfiguration will continue to remain a daunting task for any organisation due to the ever-increasing sizes of cloud deployments, their complexity, and the cloud’s ever-changing landscape. The pandemic has seen the expansion of remote/hybrid work which makes it even more challenging to keep up with the threats to a cloud platform. There are security options already provided, however, these may not be enabled by default or tested before being rolled out within a production environment. Furthermore, these options change and are updated regularly. The lack of oversight due to human error will lead to further misconfigurations and will remain the main cause of cloud data breaches in 2023.” – Arjun Pednekar, CREST Fellowship and CTO of Cognisys.  

Mitigation Advice

  1. Automate security configuration checks to reduce human error.  
  2. Regular risk assessments should be conducted to understand and mitigate new risks due to changes in the landscape. 
  3. Conduct a third-party review of your baseline configuration from trusted cloud security experts. 
  4. Provide training to Cloud administrators on the awareness of security enhancements available within the platform. 
  5. Regular penetration tests and configuration review. Periodic review of the access rights and permissions assigned to cloud users 

For more information on how to mitigate this threat, get in touch with us at

Subscribe to receive the latest cyber insights


Quix Case Study


0-300mph ISO 27001 at F1 speed: Quix’s success story

Learn how Quix teamed up with Cognisys for their ISO 27001 certification, overcoming challenges through strategic collaboration for compliance and success.

Biggest Cyber Attacks of April


The biggest cyber attacks and vulnerabilities of April 2024

Insights and trends from recent cyber threats and vulnerabilities from April.

Investing wisely: the justification for consultant-led compliance projects in business


Investing wisely: the justification for consultant-led compliance projects in business

In this blog post we’ll explore the compelling justifications for businesses to opt for a consultant-led compliance project rather than navigating the compliance labyrinth on their own.