IBM Security X-Force Report highlights 150% increase in vulnerabilities in cloud environments in the last 5 years
Companies are adopting a hybrid cloud approach for greater speed, agility and cost savings for business operations. While the flexibility of the hybrid cloud offers many security and privacy benefits, companies must also ensure they have the right policies and technologies in place that allow them to manage security well across this dispersed infrastructure.
IBM’s recent Global 2021 IBM Security X-Force Cloud Threat Landscape Report highlights that cybersecurity continues to be a pressing issue of the decade. Some of the key global findings from the report are:
· Configure it Out: 2 out of 3 breached cloud environments studied were caused by improperly configured APIs.
· Most Frequently Observed Attack Vectors: Misconfigurations, password spraying, and pivoting from on-premises infrastructure.
· Rulebreakers Lead to Compromise: X-Force Red found password and policy violations in the vast majority of cloud penetration tests conducted over the past year. The team also observed a significant growth in the severity of vulnerabilities in cloud-deployed applications. The number of disclosed these types of vulnerabilities increased 150% over the last five years.
· Automatic for the Cybercriminals: With nearly 30,000 compromised cloud accounts for sale at bargain prices on dark web marketplaces and RDP accounting for 70% of cloud resources for sale, cybercriminals have turnkey options to further automate their access to cloud environments.
· All Eyes on Ransomware & Cryptomining: Cryptominers and ransomware remain the top dropped malware into cloud environments, accounting for over 50% of detected system compromises, based on the data analyzed.
Hybrid cloud requires a new approach to security. Clients tell us they are looking for simplified security platforms and top services expertise to help them streamline their security operations across hybrid IT environments.
Viswanath Ramaswamy, Vice President, Technology, IBM Technology Sales, India/South Asia, said “In hybrid multi-cloud era, businesses face a multitude of cloud security challenges. Companies can mitigate their security risks by leveraging an open integrated security approach to provide a singular view and connect data across fragmented cloud environments. In addition, adopting a Zero trust approach, leveraging confidential computing to keep data private and creating and testing incident response plans will help businesses redefine cloud security without compromising on agility, performance and collaboration.”
Tips for Businesses to enhance their cloud security
Modernizing Security Infrastructure: Infrastructure complexity arising from fragmented cloud environments enables cybercriminals to exploit known, unpatched, vulnerabilities. Businesses can address this concern by leveraging security platforms that rely on open technologies and allow for tight integrations between tools while providing a singular view across cloud environments, such as IBM Cloud Pak for Security.
Rehearse and Test Your Incident Response Under Pressure: A detailed incident response plan along with regular simulations with the core team will help test the organization’s response to an incident.
Harden your cloud environments and include a zero-trust approach to your security strategy. As environments continue to expand, managing privilege access becomes paramount to ensure that users are only granted access to the data that is essential to their job. Organizations need to limit access to sensitive data and protect highly privileged accounts. In addition, businesses can leverage AI to monitor, detect and contextualize dynamic behaviors and movements across hybrid cloud environments, verify the legitimacy (or lack of) a threat and automate a response.
Assess potential risks introduced by third-party partners: Creating and implementing robust monitoring, access controls and security standards for third-party partners to abide will help reduce risks through third parties.
Leverage Multifactor Authentication (MFA): Leveraging MFAs offers businesses significant cybersecurity benefits by reducing the value of stolen or guessed passwords dramatically.
Use Confidential Computing to Keep your Data Truly Private: By encrypting data throughout the entire lifecycle, even if a bad actor gets their hands on it, they can’t exploit and monetize it.
Akamai reports Edge-Based Innovation to take Center Stage in Asia
According to Akamai, in a world transformed by COVID-19, edge computing will constitute on...
MongoDB brings pay-as-you-go offering in AWS Marketplace
MongoDB, Inc. announced that it will make it easier for customers to build, scale, and man...
Accenture Announces Extended Relationship with AWS and Joint Investments to Help Organizations Get to Cloud Value Faster
Accenture (NYSE: ACN) today announced the renewal of its joint business group with Amazon...
Tech Data along with IBM bringing value to the channel eco-system
Recently VARINDIA has organized an event with Tech data and IBM focussing on ‘Bid sm...
OPPO to Host OPPO INNO DAY 2021, first ever virtual INNO WORLD
OPPO announced it will host the annual OPPO INNO DAY on 14-15 December 2021 in Shenzhen, C...
Crestron Electronics organises "CresEmpower" in Ahmedabad for its consultants
Crestron Electronics organised a Training and Demo Session for its esteemed consultants of...