Cloud misconfiguration is a heightened cause of cyber attacks

According to threat detection and response specialist Vectra AI, businesses’ rapid migration to the cloud has meant secure configuration is “nearly impossible”, and every organisation that has deployed Amazon Web Services has experienced at least one security incident in its public cloud environment over the past year.

Amazon Web Services’ platform-as-a-service and infrastructure-as-a-service offerings have become increasingly vital components for many businesses as a result of the pandemic, largely because remote working demands the flexibility and scalability that these services can bring.

Vectra surveyed 317 IT executives and found that 64% of organisations are implementing new Amazon Web Services on a weekly or daily basis, with 71% using four or more services. The findings also found that 78% of organisations are running Amazon Web Services across multiple regions, and 40% in at least three.

This rapid adoption of these Amazon Web Services has led to the development of security blind spots within multiple organisations.

The report states that “surprisingly, the survey shows that 30% of organisations surveyed don’t have formal deployment sign-off before pushing to production, and 40% have shared that they don’t have a DevSecOps workflow.” Adding that 100% of the organisations surveyed had experienced a security incident on Amazon Web Services in the past year.

“This shows that the cloud has expanded to such an extent that configuring it securely is nearly impossible,” Vectra said. “And while a few applications can be configured to reach into the right services, with so many people having access to modify both the applications and services, the risk is multiplied by an order of magnitude.”

With the knowledge of Gartner’s prediction that over 99% of cloud breaches will be caused by customer misconfiguration by 2025, the report added: “The reality is that securely configuring the cloud will remain a daunting task due to the sheer size, scale and continuous changes in workloads and infrastructure.”

However, most companies are aware of their public cloud-related security deficiencies, as the report also found that 71% of them confirming that they needed monitoring and threat detection capabilities that go above what is currently available from providers such as Amazon Web Services.

Matt Pieklik, senior consulting analyst at Vectra, said: “Securing the cloud with confidence is nearly impossible due to its ever-changing nature,”

“To address this, companies need to limit the number of attack vectors malicious actors are able to take. This means creating formal sign-off processes, creating DevSecOps workflows and limiting the number of people that have access to their entire infrastructure as much as possible.

“Ultimately, companies need to provide security holistically, across regions and automate as many activities as possible to enhance their effectiveness.”