ChannelLife India - Industry insider news for technology resellers
India
Guides
#
cloud services
#
cybersecurity
#
distributors
#
microsoft
#
partner programmes
Search
Story image
#
Cloud Security
#
IAM
#
Cybersecurity

Tenable report reveals widespread cloud security risks

Today
Author image
By Sean Mitchell, Publisher

Tenable has released new research indicating that 74% of organisations around the world have publicly exposed storage assets, a situation which increases their risk of being targeted by ransomware attacks.

The Tenable Cloud Risk Report 2024 highlights key vulnerabilities affecting cloud environments, identifying inappropriate permissions as a common reason for the exposure of sensitive data. The report analyses data from billions of cloud resources, collected between January and June 2024 through the Tenable Cloud Security platform.

One significant finding of the report is the prevalence of a "toxic cloud triad". This term refers to the combination of workloads that are highly privileged, publicly accessible, and critically vulnerable, affecting 38% of organisations. The report identifies these triads as common entry points for cybercriminals, leading to breaches, service outages, and operational disruptions, with many attacks traced back to these vulnerabilities in the past year.

Geoffrey Jakmakejian, Security Engineer Manager at Tenable ANZ, elaborated on the issue: "With 96% of organisations utilising public cloud assets, having full visibility into cloud environments is critical. It's just as important to determine whether an asset really needs to be made public. If it does, permissions should be downgraded to the minimum level necessary and patches applied promptly."

The report further examines identity and access management, revealing that a significant proportion of organisations, 84%, continue to use outdated access keys with high privilege levels. Such practices have already resulted in high-profile cybersecurity incidents, such as breaches at Capital One and Tesla, where attackers exploited overly permissive access to infiltrate systems.

The report draws attention to "The Growing Threat of Over-Privileged Identities", noting that 23% of cloud identities have unnecessary permissions. Specifically, AWS accounts for 35% of these instances, creating numerous opportunities for exploitation by hackers able to take control of these identities.

Despite warnings, critical vulnerabilities remain widespread. The report highlights that many organisations have left weaknesses unaddressed, using CVE-2024-21626 as an example of a container escape vulnerability which remains unpatched in over 80% of cloud workloads, emphasising the persistence of security gaps even after multiple alerts.

Kubernetes configurations also exhibit security blind spots, with 78% of organisations having publicly accessible Kubernetes API servers and 41% permitting inbound internet access. This, combined with over-privileged roles, significantly increases the risk of breaches.

The findings from Tenable's report underscore the need for organisations to reassess their cloud strategies, focusing on minimising permissions and enhancing patch management to ensure robust security within their cloud infrastructures.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
American Water breach highlights infrastructure vulnerabilities
CloudSEK unveils free tool to combat deep fake threats
Sophos unveils new XGS desktop firewalls & software
Commvault & Pure Storage unveil cyber readiness solution
CrowdStrike partners with firms to boost threat detection
Top stories
NinjaOne launches AI tool & appoints data VP Carusone
AI raises cybersecurity concerns in Asia Pacific region
PagerDuty unveils AI tools to boost incident management
AI & ML crucial for utilities facing demand challenges
Vertiv introduces high-power EnergyCore battery cabinets