Vital Necessity Of Cloud Computing Highlights Security Risks

Uploaded on 2020-07-29 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

The vital necessity of cloud computing for both business and the general population is likely to accelerate market growth. With the frequency of online breaches and technological attacks on the rise, security maintenance has become the key point of focus. 

Companies have to take vital precautions before the onset of cyber risk. 

A newly released report by the leading cloud security specialist Orca Security on the State of Cloud Security In 2020 says that almost 80 percent of organisations have at least one neglected, Internet-facing workload, meaning it’s running on an unsupported operating system or has remained unpatched and insecure for 180 days or more. 

When an organisation elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. Insider attacks are the sixth biggest threat in cloud computing. 

The recent statistics explain that there exist some organisations that have employed cloud-based security solutions. Around 90% of companies are deploying cloud-based services. 

Only 12% of global IT sectors understand how General Data Protection Regulation (GDPR) will affect the cloud services. 66% of IT engineers say that security was the biggest concern when they adopted the cloud computing platform.

The Orca Security Report explains that:

  • Attackers look for vulnerable frontline workloads to gain entrance to cloud accounts and expand laterally within the environment. While security teams need to secure all public cloud assets, attackers only need to find one weak link.
  • Weak security authentication is another way that attackers breach public cloud environments. The Orca Security study found that authentication and password storage issues are commonplace.
  • Almost 25% of organisations aren’t using multi-factor authentication to protect one of their cloud account’s root, super admin users.
  • Almost half of organisations have internet-facing workloads containing secrets and credentials, posing a risk of lateral movement.
  • 60 percent of organisations have at least one neglected Internet-facing workload that has reached its end of life and is no longer supported by manufacturer security updates. Once past the Internet-facing workload and with keys-in-hand, cyber criminals traverse less secure internal machines in search of crown jewel data.
  • 77 percent of organisations have 10 percent or more of their internal workloads unpatched either for longer than 180 days or are no longer supported. 

Hackers take advantage of knowing that internal servers are less protected than external Internet-facing servers and that they can expand rapidly in search of critical data once inside a cloud estate and so cloud security is something all organisations must review and check systematically. 

Orca Security:     PR Newswire

You Might Also Read: 

The Future Of Ransomware Is In The Cloud:

 

« Home Working Cyber Security Toolkit
Hollywood Site Leaks Personal Data Of 260,000 Actors »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

TrustArc

TrustArc

TrustArc provide privacy compliance and risk management with integrated technology, consulting and TRUSTe certification solutions – addressing all phases of privacy program management.

Privitar

Privitar

Privitar is leading the development and adoption of privacy engineering technology enabling our customers to innovate and leverage data with an uncompromising approach to data privacy.

Resolver

Resolver

Resolver’s Integrated Risk Management platform helps plan and prepare your organization to limit the likeliness or impact of security risk and compliance events from occurring.

SecureNinja

SecureNinja

SecureNinja provides professional training, certifications & professional services related to all facets of Information Technology and Cyber Security.

Trulioo

Trulioo

Trulioo is a leading global identity and business verification company providing secure access to data sources worldwide to instantly verify consumers and businesses online.

CTERA Networks

CTERA Networks

CTERA provides cloud storage solutions that enable service providers and enterprises to launch managed storage, backup, file sharing and mobile collaboration services using a single platform.

Ntirety

Ntirety

Ntirety Managed Security Services offer enterprise businesses the advanced tools, processes, and support to ensure your infrastructure, networks, and mission-critical applications are secure.

GuardSight

GuardSight

GuardSight is a provider of specialized cybersecurity services to safeguard businesses, government, and remote workers against sophisticated cyber threats.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

Technisanct

Technisanct

Technisanct works with Governments, especially Law Enforcement and Defence agencies, helping them in monitoring threats, managing their data and resolving their forensic needs.

Navisite

Navisite

Navisite is a combination of eight respected IT consulting and managed service providers that were brought together under the Navisite brand.

Noerr

Noerr

Noerr is one of the top European law firms with 500 professionals in Germany, Europe and the USA. We provide solutions to complex and sophisticated legal matters including cyber risks.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

Saffron Networks

Saffron Networks

Saffron Networks is an ISO-certified company. We assure our clients of reliable solutions, specifically with the Security landscape and Enterprise Networking.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Catalyst Campus For Technology & Innovation

Catalyst Campus For Technology & Innovation

Catalyst Campus is a collaborative ecosystem to create community, spark innovation and stimulate business growth.