Cloud Misconfiguration – 2023 Threat Prediction

According to a recent report, cloud misconfiguration accounts for 15% of cybersecurity breaches.

This is particularly frustrating when you consider that information technology should be aiding your organisation and not being used to hinder it. Cloud misconfigurations can occur from default system credentials, overly generous user permissions, with a lack of control around data usage and access being easily remediated, but many organisations struggle to identify where these problems exist. 

2023 And Beyond

As cloud environments become more complex and multi-cloud usage becomes more common, human error is more likely to cause cloud misconfigurations and cybersecurity breaches in 2023. A laser focus on ease of access often results in cybersecurity being an afterthought.  

Our View

Cloud misconfiguration errors can be caused by a lack of knowledge around the basic principles of configuring access privileges, compounded by the misplaced beliefs that cloud providers are responsible for total platform security. Compliance at initial set-up does not mean that your cloud systems continue to remain compliant in the future. New standards, changes to security features, and organic growth of your cloud infrastructure can easily put you back into a position of non-compliance. This is a continuous improvement process.  

“Mitigating cloud misconfiguration will continue to remain a daunting task for any organisation due to the ever-increasing sizes of cloud deployments, their complexity, and the cloud’s ever-changing landscape. The pandemic has seen the expansion of remote/hybrid work which makes it even more challenging to keep up with the threats to a cloud platform. There are security options already provided, however, these may not be enabled by default or tested before being rolled out within a production environment. Furthermore, these options change and are updated regularly. The lack of oversight due to human error will lead to further misconfigurations and will remain the main cause of cloud data breaches in 2023.” – Arjun Pednekar, CREST Fellowship and CTO of Cognisys.  

Mitigation Advice

  1. Automate security configuration checks to reduce human error.  
  2. Regular risk assessments should be conducted to understand and mitigate new risks due to changes in the landscape. 
  3. Conduct a third-party review of your baseline configuration from trusted cloud security experts. 
  4. Provide training to Cloud administrators on the awareness of security enhancements available within the platform. 
  5. Regular penetration tests and configuration review. Periodic review of the access rights and permissions assigned to cloud users 

For more information on how to mitigate this threat, get in touch with us at info@cognisys.co.uk.

Subscribe to receive the latest cyber insights

RECENT UPDATES

Kara Connect

CASE STUDY

Simplified ISO 27001 Certification: Case Study with Kara Connect

Learn how Kara Connect attained ISO 27001 certification with our guidance, overcoming challenges, streamlining processes, and fostering client trust.

Biggest Cyber Attacks of March

NEWS

Top 8 biggest cyber attacks of March 2024

Insights and trends from recent UK cyber threats and breaches from March.

How to protect against AiTM/Evilginx phishing attacks

TIPS

How to protect against AiTM/Evilginx phishing attacks

A deep dive into the Attacker-in-the-Middle (AiTM) threat, spotlighting EvilGinx2. Discover how to protect against phishing and thwart AiTM attacks with essential strategies.