Security News > 2021 > May > Most organizations fail to fix cloud misconfiguration issues in a timely manner

Most organizations fail to fix cloud misconfiguration issues in a timely manner
2021-05-17 04:00

Reflecting the overwhelming amount of configurations practitioners must address, even when companies are aware of errors, most have not addressed the bulk of these issues in a timely manner.

"When you consider that a single cloud misconfiguration can expose organizations to severe cyber risk, such as data breaches, resource hijacking and denial of service attacks, the consequences of failing to address misconfiguration issues are all too real to ignore," said Assaf Morag, Lead Data Analyst with Aqua's Team Nautilus.

Less than 1% of enterprise organizations fixed all detected issues while less than 8% of SMBs fixed all detected issues.

More than 50% of all organizations receive alerts about misconfigured services with all ports open to the world, but only 68% of these issues were fixed, taking 24 days on average.

These findings point to numerous security posture issues across Infrastructure-as-a-Service and Platform-as-a-Service accounts, which suggests both a lack of understanding as well as an overwhelming number of issues requiring attention.

The report examines the mistakes that lead to five common types of cloud setting misconfigurations: storage misconfigurations, identity and access management misconfigurations, data encryption issues, exploitable services behind open ports, and container technology exploitation.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/WXUNzy33l8Y/