Securing the Cloud: Don’t Fall Victim to Hacking - Spot and Fix These Flaws Now! | ZDNet

The threat from hackers is getting worse – and ignorance isn’t an excuse for boardrooms any more

The threat from hackers is getting worse – and ignorance isn’t an excuse for boardrooms any more

Video Player is loading.

Play Video

PlaySkip BackwardSkip ForwardNext playlist item

Mute

Current Time 0:00

/

Duration 23:45

Loaded: 0.41%

00:00

Stream Type LIVE

Seek to live, currently behind liveLIVE

Remaining Time -23:45

1x

Playback Rate

Chapters

• Chapters

Descriptions

• descriptions off, selected

Captions

• captions settings, opens captions settings dialog
• captions off, selected
• Eng US

Share

Audio Track

• en (Main), selected

Fullscreen

This is a modal window.

Beginning of dialog window. Escape will cancel and close the window.

TextColorWhiteBlackRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-Transparent

Text BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-TransparentTransparent

Caption Area BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityTransparentSemi-TransparentOpaque

Font Size50%75%100%125%150%175%200%300%400%

Text Edge StyleNoneRaisedDepressedUniformDrop shadow

Font FamilyProportional Sans-SerifMonospace Sans-SerifProportional SerifMonospace SerifCasualScriptSmall Caps

ResetDone

Close Modal Dialog

End of dialog window.

Close Modal Dialog

This is a modal window. This modal can be closed by pressing the Escape key or activating the close button.

This is a modal window. This modal can be closed by pressing the Escape key or activating the close button.

Share:

Facebook Twitter

Direct LinkEmbed Code

Close Modal Dialog

Cloud applications and services are a prime target for hackers because poor cybersecurity management and misconfigured services are leaving them exposed to the internet and vulnerable to simple cyberattacks.

Analysis of identity and access management (IAM) polices taking into account hundreds of thousands of users in 18,000 cloud environments across 200 organisations by cybersecurity researchers at Palo Alto Networks found that cloud accounts and services are leaving open doors for cyber criminals to exploit – and putting businesses and users at risk.

The global pandemic pushed organisations and employees towards new ways of remote and hybrid working , with the aid of cloud services and applications. While beneficial to businesses and employees, it also created additional cybersecurity risks – and malicious hackers know this.

ZDNET Recommends

• Best VPN services
• Best security keys
• Best antivirus software
• The fastest VPNs

“With the pandemic-induced transition to cloud platforms over the past several years, malicious actors have had an easier time than ever following their targets into the cloud,” said John Morello, vice president of Prisma Cloud at Palo Alto Networks.

SEE: Cloud security in 2022: A business guide to essential tools and best practices

According to the research, 99% of cloud users, services and resources provide excessive permissions. In most cases, these permissions and administrator privileges aren’t needed by regular users, but there’s the risk that, if cloud accounts are compromised, cyber attackers could take advantage of excess permissions to modify, create or delete cloud environment resources, as well as moving around networks to help expand the scope of attacks.

Another practice that isn’t helping IT departments is poor password security , with the majority of cloud accounts – 53% – allowing weak passwords consisting of under 14 characters, while 44% of cloud accounts allow the user to re-use a password that is linked to another account.

Weak passwords are vulnerable to brute-force and credential-stuffing attacks , where cyber attackers use automated software to test weak passwords against accounts. Accounts will be at particular risk if the password used to secure them is especially common.

special feature

Cloud security: More critical than ever All the best tools and practices at your organization’s disposal won’t ensure an effective cloud security strategy if the tools are unfriendly and the practices daunting. Read now

Password re-use also creates a risk for cloud accounts. If the user has had their password for a separate account leaked or hacked, attackers will test it against their other accounts. If it’s the same password, they’ll be able to access the cloud account, which puts the user and the rest of the corporate cloud services at risk from further attacks.

• Best password managers: Maintain all your logins

This risk is further exacerbated by cloud accounts being publicly exposed to the web in the first place. According to the research, almost two-thirds of organisations have cloud resources, such as buckets and databases, misconfigured in a way that means they can be accessed without the need for authentication at all.

That means that cyber criminals don’t even need to breach credentials to steal sensitive information, they just need the URL. Identifying these buckets and servers, and ensuring they are not exposed on the open web, is a must for cybersecurity teams.

For all cloud services, properly configured IAM can block unintended access, so make sure users are implementing complex, unique passwords – and their accounts should also be protected with multi-factor authentication .

IT departments should also consider whether regular accounts need administrator privileges. While a legitimate user with this level of access might not be considered a risk, an intruder with admin access has the keys to the entire cloud kingdom.

MORE ON CYBERSECURITY

• These old security vulnerabilities are creating new opportunities for hackers
• Want to boost your cybersecurity? Here are 10 steps to improve your defences now
• Two-factor authentication is a great idea. But not enough people are using it
• These researchers wanted to test cloud security. They were shocked by what they found
• Unsecured servers and cloud services: How remote work has increased the attack surface that hackers can target

Also read: