Application and database configuration errors and correct policy adoption could have prevented two-thirds of breaches in cloud environments seen by IBM from Q2 2020 through Q2 2021. That’s the key finding of the Cloud Security Threat Landscape Report 2021, prepared by the X-Force department at IBM.
Cloud capabilities are providing many corporate footholds for cyberactors, drawing attention to the tens of thousands of cloud accounts available for sale in illicit markets for a bargain. The report reveals that nearly 30,000 compromised cloud accounts are on display on the dark web, with sales offers ranging from a few dollars to over $15,000 (depending on geography, amount of account credit and account access level) and attractive refund policies to influence buyers’ purchasing power.
As cybercriminals remain steadfast in their search for unsuspecting ways to infiltrate today’s business, a new report from IBM Security X-Force highlights cybercriminals’ top tactics, the open doors users are leaving for them, and the growing market for cloud resources stolen in the dark network. The big lesson from the data is that companies still control their own destiny when it comes to cloud security. Configuration errors in applications, databases and policies may have prevented two-thirds of the breached cloud environments IBM noted in this year’s report.
The datasets used include dark web analytics, IBM Security X-Force team network penetration test data, IBM Security Services Metrics, X-Force incident response analysis, and X-Force threat intelligence research. This expanded dataset brought an unprecedented view of the entire technology heritage to make connections to improve security as the document says.
More and more companies are recognizing the business value of hybrid cloud and distributing their data across a diverse infrastructure. In fact, the 2021 Cost of a Data Breach Report found that breached organizations implementing a primarily public or private cloud approach suffered approximately $1 million more in breach costs than organizations with a hybrid cloud approach.: