Four out of five (80.3%) security vulnerabilities observed in organizations across all sectors come from a cloud environment, Palo Alto Networks’ Unit 42 found in its latest Attack Surface Threat Research.
The report, published on September 14, 2023, outlined the most common cloud security flaws, of which 60% come from web framework takeover (22.8%), remote access services (20.1%) and IT security and networking infrastructure (17.1%).
New Services Prove to Be a Big Issue
It also highlighted how constant changes in cloud offerings significantly impact the end-users' exposure.
The researchers found that over 45% of most organizations’ high-risk, cloud-hosted exposures in a given month were observed on new services that hadn’t been present on their organization's attack surface in the month prior.
This finding wouldn’t be too concerning if cloud providers weren’t so volatile. But they are: Unit 42 estimated that, on average, over 20% of externally accessible cloud services change monthly.
This volatility is even more acute in the transport & logistics and insurance & financial sectors, where organizations must deal with 27% and 24% of cloud offerings evolving on a monthly basis.
No tags.
