Cloud Misconfiguration – 2023 Threat Prediction 

According to a recent report, cloud misconfiguration accounts for 15% of cybersecurity breaches. 

This is particularly frustrating when you consider that information technology should be aiding your organisation and not being used to hinder it. Cloud misconfigurations can occur from default system credentials, overly generous user permissions, with a lack of control around data usage and access being easily remediated, but many organisations struggle to identify where these problems exist.  

2023 And Beyond 

As cloud environments become more complex and multi-cloud usage becomes more common, human error is more likely to cause cloud misconfigurations and cybersecurity breaches in 2023. A laser focus on ease of access often results in cybersecurity being an afterthought.   

Our View 

Cloud misconfiguration errors can be caused by a lack of knowledge around the basic principles of configuring access privileges, compounded by the misplaced beliefs that cloud providers are responsible for total platform security. Compliance at initial set-up does not mean that your cloud systems continue to remain compliant in the future. New standards, changes to security features, and organic growth of your cloud infrastructure can easily put you back into a position of non-compliance. This is a continuous improvement process.   

“Mitigating cloud misconfiguration will continue to remain a daunting task for any organisation due to the ever-increasing sizes of cloud deployments, their complexity, and the cloud’s ever-changing landscape. The pandemic has seen the expansion of remote/hybrid work which makes it even more challenging to keep up with the threats to a cloud platform. There are security options already provided, however, these may not be enabled by default or tested before being rolled out within a production environment. Furthermore, these options change and are updated regularly. The lack of oversight due to human error will lead to further misconfigurations and will remain the main cause of cloud data breaches in 2023.” – Arjun Pednekar, CREST Fellowship and CTO of Cognisys.   


Mitigation Advice 

  1. Automate security configuration checks to reduce human error.   
  2. Regular risk assessments should be conducted to understand and mitigate new risks due to changes in the landscape.  
  3. Conduct a third-party review of your baseline configuration from trusted cloud security experts.  
  4. Provide training to Cloud administrators on the awareness of security enhancements available within the platform.  
  5. Regular penetration tests and configuration review. Periodic review of the access rights and permissions assigned to cloud users  


For more information on how to mitigate this threat, get in touch with us at 

Published On: December 1st, 2022 / Categories: Cognisys /

Lets have a chat

If you’re looking for an expert team to show you where your vulnerabilities are to enable you to instigate a more proactive security strategy, then get in touch with us, we’d be happy to help!

Cognisys Group Privacy Policy.