Protect Your Data: Avoid These Common Mistakes in Cloud Security That Attract Cyber Thieves | ZDNet
Protect Your Data: Avoid These Common Mistakes in Cloud Security That Attract Cyber Thieves | ZDNet
The threat from hackers is getting worse – and ignorance isn’t an excuse for boardrooms any more
The threat from hackers is getting worse – and ignorance isn’t an excuse for boardrooms any more
Video Player is loading.
Play Video
PlaySkip BackwardSkip ForwardNext playlist item
Mute
Current Time 0:00
/
Duration 23:45
Loaded: 0.41%
00:00
Stream Type LIVE
Seek to live, currently behind liveLIVE
Remaining Time -23:45
1x
Playback Rate
Chapters
- Chapters
Descriptions
- descriptions off, selected
Captions
- captions settings, opens captions settings dialog
- captions off, selected
- Eng US
Share
Audio Track
- en (Main), selected
Fullscreen
This is a modal window.
Beginning of dialog window. Escape will cancel and close the window.
TextColorWhiteBlackRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-Transparent
Text BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-TransparentTransparent
Caption Area BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityTransparentSemi-TransparentOpaque
Font Size50%75%100%125%150%175%200%300%400%
Text Edge StyleNoneRaisedDepressedUniformDrop shadow
Font FamilyProportional Sans-SerifMonospace Sans-SerifProportional SerifMonospace SerifCasualScriptSmall Caps
ResetDone
Close Modal Dialog
End of dialog window.
Close Modal Dialog
This is a modal window. This modal can be closed by pressing the Escape key or activating the close button.
This is a modal window. This modal can be closed by pressing the Escape key or activating the close button.
Share:
Direct LinkEmbed Code
Close Modal Dialog
Cloud applications and services are a prime target for hackers because poor cybersecurity management and misconfigured services are leaving them exposed to the internet and vulnerable to simple cyberattacks.
Analysis of identity and access management (IAM) polices taking into account hundreds of thousands of users in 18,000 cloud environments across 200 organisations by cybersecurity researchers at Palo Alto Networks found that cloud accounts and services are leaving open doors for cyber criminals to exploit – and putting businesses and users at risk.
The global pandemic pushed organisations and employees towards new ways of remote and hybrid working , with the aid of cloud services and applications. While beneficial to businesses and employees, it also created additional cybersecurity risks – and malicious hackers know this.
ZDNET Recommends
“With the pandemic-induced transition to cloud platforms over the past several years, malicious actors have had an easier time than ever following their targets into the cloud,” said John Morello, vice president of Prisma Cloud at Palo Alto Networks.
SEE: Cloud security in 2022: A business guide to essential tools and best practices
According to the research, 99% of cloud users, services and resources provide excessive permissions. In most cases, these permissions and administrator privileges aren’t needed by regular users, but there’s the risk that, if cloud accounts are compromised, cyber attackers could take advantage of excess permissions to modify, create or delete cloud environment resources, as well as moving around networks to help expand the scope of attacks.
Another practice that isn’t helping IT departments is poor password security , with the majority of cloud accounts – 53% – allowing weak passwords consisting of under 14 characters, while 44% of cloud accounts allow the user to re-use a password that is linked to another account.
Weak passwords are vulnerable to brute-force and credential-stuffing attacks , where cyber attackers use automated software to test weak passwords against accounts. Accounts will be at particular risk if the password used to secure them is especially common.
special feature
Password re-use also creates a risk for cloud accounts. If the user has had their password for a separate account leaked or hacked, attackers will test it against their other accounts. If it’s the same password, they’ll be able to access the cloud account, which puts the user and the rest of the corporate cloud services at risk from further attacks.
This risk is further exacerbated by cloud accounts being publicly exposed to the web in the first place. According to the research, almost two-thirds of organisations have cloud resources, such as buckets and databases, misconfigured in a way that means they can be accessed without the need for authentication at all.
That means that cyber criminals don’t even need to breach credentials to steal sensitive information, they just need the URL. Identifying these buckets and servers, and ensuring they are not exposed on the open web, is a must for cybersecurity teams.
For all cloud services, properly configured IAM can block unintended access, so make sure users are implementing complex, unique passwords – and their accounts should also be protected with multi-factor authentication .
IT departments should also consider whether regular accounts need administrator privileges. While a legitimate user with this level of access might not be considered a risk, an intruder with admin access has the keys to the entire cloud kingdom.
MORE ON CYBERSECURITY
- These old security vulnerabilities are creating new opportunities for hackers
- Want to boost your cybersecurity? Here are 10 steps to improve your defences now
- Two-factor authentication is a great idea. But not enough people are using it
- These researchers wanted to test cloud security. They were shocked by what they found
- Unsecured servers and cloud services: How remote work has increased the attack surface that hackers can target
Also read:
- [New] Seamless Transitions The Top 6 Mac Apps to Cut Videos in Big Sur
- [Updated] First Steps in Photography Top Cameras of '24
- [Updated] In 2024, Recovering From a Mistaken TikTok Reload
- [Updated] The Top-Ten Webcam Enhancers Master Stream Quality
- [Updated] Unlock More Watchers Simple YouTube Growth Hacks for 2024
- As the Skills Shortage in Data Analytics Intensifies, Discover How a Forward-Thinking Enterprise Is Addressing It | ZDNET
- Busting Top 5 Fallacies Surrounding the Profitability of Data Sharing | TechWise Insights
- Can You Master Artificial Intelligence Without Technical Expertise? Understanding the Need for Varied Education in Complex Systems | ZDNET
- Capture Your Inspiration! Top 5 Pinterest Videos Without Cost for 2024
- Diagnosing and Repairing the Dark Display Problem on iPhones
- Fixing Netflix Problems on LG TV: A Comprehensive Guide with 19 Tips and Techniques
- Half of All Biz Marketers Now Leverage AI Tools: Insights From ZDNet
- IBM Survey Highlights Growing Skepticism Among Corporate Heads Towards IT - Discover the Factors | ZDNet
- Intel USB 3.0 Driver Download for Windows 11: Complete Guide
- Mastering Robust AI Watermarks: Expert Strategies Revealed by ZDNet
- The Real Deal on Pursuing a Career as a DevOps Professional – Pros, Cons & Challenges | TechInsights
- The Rising Popularity of Low-Code/No-Code Development: Understanding Who's Ready to Embrace It | Perspectives by ZDNET
- The way to recover deleted contacts on Realme Narzo 60 Pro 5G without backup.
- Transforming UI Interactions: The Rise of Generative AI and the End of Traditional Cursor Controls - Insights From ZDNet
- Title: Protect Your Data: Avoid These Common Mistakes in Cloud Security That Attract Cyber Thieves | ZDNet
- Author: Matthew
- Created at : 2024-11-09 06:29:42
- Updated at : 2024-11-14 10:40:13
- Link: https://app-tips.techidaily.com/protect-your-data-avoid-these-common-mistakes-in-cloud-security-that-attract-cyber-thieves-zdnet/
- License: This work is licensed under CC BY-NC-SA 4.0.