Securing the Cloud: Don’t Fall Victim to Hacking - Spot and Fix These Flaws Now! | ZDNet
Securing the Cloud: Don’t Fall Victim to Hacking - Spot and Fix These Flaws Now! | ZDNet
The threat from hackers is getting worse – and ignorance isn’t an excuse for boardrooms any more
The threat from hackers is getting worse – and ignorance isn’t an excuse for boardrooms any more
Video Player is loading.
Play Video
PlaySkip BackwardSkip ForwardNext playlist item
Mute
Current Time 0:00
/
Duration 23:45
Loaded: 0.41%
00:00
Stream Type LIVE
Seek to live, currently behind liveLIVE
Remaining Time -23:45
1x
Playback Rate
Chapters
- Chapters
Descriptions
- descriptions off, selected
Captions
- captions settings, opens captions settings dialog
- captions off, selected
- Eng US
Share
Audio Track
- en (Main), selected
Fullscreen
This is a modal window.
Beginning of dialog window. Escape will cancel and close the window.
TextColorWhiteBlackRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-Transparent
Text BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityOpaqueSemi-TransparentTransparent
Caption Area BackgroundColorBlackWhiteRedGreenBlueYellowMagentaCyanOpacityTransparentSemi-TransparentOpaque
Font Size50%75%100%125%150%175%200%300%400%
Text Edge StyleNoneRaisedDepressedUniformDrop shadow
Font FamilyProportional Sans-SerifMonospace Sans-SerifProportional SerifMonospace SerifCasualScriptSmall Caps
ResetDone
Close Modal Dialog
End of dialog window.
Close Modal Dialog
This is a modal window. This modal can be closed by pressing the Escape key or activating the close button.
This is a modal window. This modal can be closed by pressing the Escape key or activating the close button.
Share:
Direct LinkEmbed Code
Close Modal Dialog
Cloud applications and services are a prime target for hackers because poor cybersecurity management and misconfigured services are leaving them exposed to the internet and vulnerable to simple cyberattacks.
Analysis of identity and access management (IAM) polices taking into account hundreds of thousands of users in 18,000 cloud environments across 200 organisations by cybersecurity researchers at Palo Alto Networks found that cloud accounts and services are leaving open doors for cyber criminals to exploit – and putting businesses and users at risk.
The global pandemic pushed organisations and employees towards new ways of remote and hybrid working , with the aid of cloud services and applications. While beneficial to businesses and employees, it also created additional cybersecurity risks – and malicious hackers know this.
ZDNET Recommends
“With the pandemic-induced transition to cloud platforms over the past several years, malicious actors have had an easier time than ever following their targets into the cloud,” said John Morello, vice president of Prisma Cloud at Palo Alto Networks.
SEE: Cloud security in 2022: A business guide to essential tools and best practices
According to the research, 99% of cloud users, services and resources provide excessive permissions. In most cases, these permissions and administrator privileges aren’t needed by regular users, but there’s the risk that, if cloud accounts are compromised, cyber attackers could take advantage of excess permissions to modify, create or delete cloud environment resources, as well as moving around networks to help expand the scope of attacks.
Another practice that isn’t helping IT departments is poor password security , with the majority of cloud accounts – 53% – allowing weak passwords consisting of under 14 characters, while 44% of cloud accounts allow the user to re-use a password that is linked to another account.
Weak passwords are vulnerable to brute-force and credential-stuffing attacks , where cyber attackers use automated software to test weak passwords against accounts. Accounts will be at particular risk if the password used to secure them is especially common.
special feature
Password re-use also creates a risk for cloud accounts. If the user has had their password for a separate account leaked or hacked, attackers will test it against their other accounts. If it’s the same password, they’ll be able to access the cloud account, which puts the user and the rest of the corporate cloud services at risk from further attacks.
This risk is further exacerbated by cloud accounts being publicly exposed to the web in the first place. According to the research, almost two-thirds of organisations have cloud resources, such as buckets and databases, misconfigured in a way that means they can be accessed without the need for authentication at all.
That means that cyber criminals don’t even need to breach credentials to steal sensitive information, they just need the URL. Identifying these buckets and servers, and ensuring they are not exposed on the open web, is a must for cybersecurity teams.
For all cloud services, properly configured IAM can block unintended access, so make sure users are implementing complex, unique passwords – and their accounts should also be protected with multi-factor authentication .
IT departments should also consider whether regular accounts need administrator privileges. While a legitimate user with this level of access might not be considered a risk, an intruder with admin access has the keys to the entire cloud kingdom.
MORE ON CYBERSECURITY
- These old security vulnerabilities are creating new opportunities for hackers
- Want to boost your cybersecurity? Here are 10 steps to improve your defences now
- Two-factor authentication is a great idea. But not enough people are using it
- These researchers wanted to test cloud security. They were shocked by what they found
- Unsecured servers and cloud services: How remote work has increased the attack surface that hackers can target
Also read:
- [Updated] 2024 Approved Choosing Between OBS Studio and Bandicam for Screen Capture
- [Updated] In 2024, Get a Cleaner Look in Your Videos Quickly and Easily
- [Updated] In 2024, Take Your FB Visibility to New Heights Proven SEO Strategies Reviewed
- 2024 Approved Investment Guidelines for Effective YouTube Campaigns
- 3uTools Virtual Location Not Working On Lava Blaze Curve 5G? Fix Now | Dr.fone
- Beware: Latest Microsoft Upgrade Could Worsen After-Hours Stress - Insights From ZDNet
- Discover Lightspeed on OpenShift – The Intelligent AI Companion for Your Kubernetes Clusters | ZDNet
- Experts Choose the Leading Network Surveillance Software : Comprehensive Review and Selection Guide | TechInsight
- Full Guide to Unlock iPhone 8 Plus with iTunes | Dr.fone
- In 2024, How To Change Nubia Z50 Ultra Lock Screen Clock in Seconds
- In 2024, How to Transfer Data from Vivo V30 Lite 5G to Any iOS Devices | Dr.fone
- Linus Torvalds Discusses Rising Popularity of Rust & Importance of Linux Kernel in Modern Computing
- Prepare for Windows 10 EOL: Explore Five Essential Upgrades or Migrations Options Now | ZDNet Insights
- Reasons why Pokémon GPS does not Work On Vivo T2 Pro 5G? | Dr.fone
- Securing Your Mozilla Firefox Login Credentials: Mastering the Use of Main Passwords
- Top Recommended Mac Software - Insights From ZDNet
- Unveiling Red Hat’s Lightspeed: An Advanced AI Solution Tailored for Kubernetes Admins with OpenShift | ZDNet
- Title: Securing the Cloud: Don’t Fall Victim to Hacking - Spot and Fix These Flaws Now! | ZDNet
- Author: Matthew
- Created at : 2024-11-11 03:17:28
- Updated at : 2024-11-14 11:24:54
- Link: https://app-tips.techidaily.com/securing-the-cloud-dont-fall-victim-to-hacking-spot-and-fix-these-flaws-now-zdnet/
- License: This work is licensed under CC BY-NC-SA 4.0.