Cloud Misconfigurations a Major Compliance Risk
Cloud misconfigurations are considered a data security risk by 95% of IT decision makers in the UK, according to a new study from Trend Micro. The findings highlight how human error is a major cause of organizations’ compliance problems and is obstructing their digital transformation.
Of those who regard cloud misconfiguration as a risk, 41% said it is a “great risk.” For those working in B2C, this rose to 57%, and in administrative or technical roles, 52%.
Nearly two-thirds (62%) of IT decision makers said they are extremely or very concerned about the legal and regulatory compliance implications of cloud threats like misconfiguration, and 27% stated they had experienced such an incident over the past year.
The most common forms of misconfiguration errors include leaving an unencrypted data store exposed to the public internet without any form of authentication required to access it, exposing data to all global users of the same cloud platform and leaving encryption keys and passwords in open repositories.
This provides cyber-criminals with opportunities to undertake nefarious activities such as stealing and ransoming data and installing malicious digital skimming code onto websites.
“From Capital One to the US government, the list of serious data leaks and breaches via misconfigured cloud systems is growing by the second. Trend Micro’s Cloud One – Conformity offering detects 230 million of these errors every single day,” commented Bharat Mistry, principal security strategist at Trend Micro.
“This tells us something important: organizations are struggling to find the in-house skills needed to keep pace with their complex hybrid and multi-cloud deployments. With just a few clicks of a mouse potentially exposing highly sensitive and regulated data, CISOs need to consider investments such as cloud security posture management to tackle escalating risk.”
There have been numerous instances of data being exposed due to cloud misconfiguration errors over recent years as more organizations store data in the cloud. Last month, thousands of domestic violence victims have had their emergency distress messages exposed after a developer misconfigured a back-end AWS bucket.
Want to get the best solution for your business?
At Tristar Tech Solutions, we take a realistic approach to technology – ensuring our client’s systems are best protected.
If you have any concerns, questions or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration, consultation to explore how exposed your business might be and identify actions to take.
To book a consultation or to arrange a further discussion, please get in touch.
If you’re looking for IT support in Hertfordshire or IT support in North London, contact us today, and a member of our team would be more than happy to advise you.
News Source: https://www.infosecurity-magazine.com/