IBM Security X-Force Report highlights 150% increase in vulnerabilities in cloud environments in the last 5 years
Companies are adopting a hybrid cloud approach for greater speed, agility and cost savings for business operations. While the flexibility of the hybrid cloud offers many security and privacy benefits, companies must also ensure they have the right policies and technologies in place that allow them to manage security well across this dispersed infrastructure.
IBM’s recent Global 2021 IBM Security X-Force Cloud Threat Landscape Report highlights that cybersecurity continues to be a pressing issue of the decade. Some of the key global findings from the report are:
· Configure it Out: 2 out of 3 breached cloud environments studied were caused by improperly configured APIs.
· Most Frequently Observed Attack Vectors: Misconfigurations, password spraying, and pivoting from on-premises infrastructure.
· Rulebreakers Lead to Compromise: X-Force Red found password and policy violations in the vast majority of cloud penetration tests conducted over the past year. The team also observed a significant growth in the severity of vulnerabilities in cloud-deployed applications. The number of disclosed these types of vulnerabilities increased 150% over the last five years.
· Automatic for the Cybercriminals: With nearly 30,000 compromised cloud accounts for sale at bargain prices on dark web marketplaces and RDP accounting for 70% of cloud resources for sale, cybercriminals have turnkey options to further automate their access to cloud environments.
· All Eyes on Ransomware & Cryptomining: Cryptominers and ransomware remain the top dropped malware into cloud environments, accounting for over 50% of detected system compromises, based on the data analyzed.
Hybrid cloud requires a new approach to security. Clients tell us they are looking for simplified security platforms and top services expertise to help them streamline their security operations across hybrid IT environments.
Viswanath Ramaswamy, Vice President, Technology, IBM Technology Sales, India/South Asia, said “In hybrid multi-cloud era, businesses face a multitude of cloud security challenges. Companies can mitigate their security risks by leveraging an open integrated security approach to provide a singular view and connect data across fragmented cloud environments. In addition, adopting a Zero trust approach, leveraging confidential computing to keep data private and creating and testing incident response plans will help businesses redefine cloud security without compromising on agility, performance and collaboration.”
Tips for Businesses to enhance their cloud security
Modernizing Security Infrastructure: Infrastructure complexity arising from fragmented cloud environments enables cybercriminals to exploit known, unpatched, vulnerabilities. Businesses can address this concern by leveraging security platforms that rely on open technologies and allow for tight integrations between tools while providing a singular view across cloud environments, such as IBM Cloud Pak for Security.
Rehearse and Test Your Incident Response Under Pressure: A detailed incident response plan along with regular simulations with the core team will help test the organization’s response to an incident.
Harden your cloud environments and include a zero-trust approach to your security strategy. As environments continue to expand, managing privilege access becomes paramount to ensure that users are only granted access to the data that is essential to their job. Organizations need to limit access to sensitive data and protect highly privileged accounts. In addition, businesses can leverage AI to monitor, detect and contextualize dynamic behaviors and movements across hybrid cloud environments, verify the legitimacy (or lack of) a threat and automate a response.
Assess potential risks introduced by third-party partners: Creating and implementing robust monitoring, access controls and security standards for third-party partners to abide will help reduce risks through third parties.
Leverage Multifactor Authentication (MFA): Leveraging MFAs offers businesses significant cybersecurity benefits by reducing the value of stolen or guessed passwords dramatically.
Use Confidential Computing to Keep your Data Truly Private: By encrypting data throughout the entire lifecycle, even if a bad actor gets their hands on it, they can’t exploit and monetize it.
SAP 4W-Wizard selected by UN for OCHA
SAP SE announced that the United Nations Office for the Coordination of Humanitarian Affai...
TO THE NEW brings CK Lens, an AWS Cost Management Platform
TO THE NEW (TTN) has launched their new AWS Cloud Cost Analytics platform, CK Lens on the...
Blockchain Coinvestors Unveils Most Comprehensive List of Global Blockchain Unicorns
Blockchain Coinvestors, a leading blockchain venture fund-of-funds and coinvestment progra...
Tech Data along with IBM bringing value to the channel eco-system
Recently VARINDIA has organized an event with Tech data and IBM focussing on ‘Bid sm...
OPPO to Host OPPO INNO DAY 2021, first ever virtual INNO WORLD
OPPO announced it will host the annual OPPO INNO DAY on 14-15 December 2021 in Shenzhen, C...