Vital Necessity Of Cloud Computing Highlights Security Risks

Uploaded on 2020-07-29 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

The vital necessity of cloud computing for both business and the general population is likely to accelerate market growth. With the frequency of online breaches and technological attacks on the rise, security maintenance has become the key point of focus. 

Companies have to take vital precautions before the onset of cyber risk. 

A newly released report by the leading cloud security specialist Orca Security on the State of Cloud Security In 2020 says that almost 80 percent of organisations have at least one neglected, Internet-facing workload, meaning it’s running on an unsupported operating system or has remained unpatched and insecure for 180 days or more. 

When an organisation elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. Insider attacks are the sixth biggest threat in cloud computing. 

The recent statistics explain that there exist some organisations that have employed cloud-based security solutions. Around 90% of companies are deploying cloud-based services. 

Only 12% of global IT sectors understand how General Data Protection Regulation (GDPR) will affect the cloud services. 66% of IT engineers say that security was the biggest concern when they adopted the cloud computing platform.

The Orca Security Report explains that:

  • Attackers look for vulnerable frontline workloads to gain entrance to cloud accounts and expand laterally within the environment. While security teams need to secure all public cloud assets, attackers only need to find one weak link.
  • Weak security authentication is another way that attackers breach public cloud environments. The Orca Security study found that authentication and password storage issues are commonplace.
  • Almost 25% of organisations aren’t using multi-factor authentication to protect one of their cloud account’s root, super admin users.
  • Almost half of organisations have internet-facing workloads containing secrets and credentials, posing a risk of lateral movement.
  • 60 percent of organisations have at least one neglected Internet-facing workload that has reached its end of life and is no longer supported by manufacturer security updates. Once past the Internet-facing workload and with keys-in-hand, cyber criminals traverse less secure internal machines in search of crown jewel data.
  • 77 percent of organisations have 10 percent or more of their internal workloads unpatched either for longer than 180 days or are no longer supported. 

Hackers take advantage of knowing that internal servers are less protected than external Internet-facing servers and that they can expand rapidly in search of critical data once inside a cloud estate and so cloud security is something all organisations must review and check systematically. 

Orca Security:     PR Newswire

You Might Also Read: 

The Future Of Ransomware Is In The Cloud:

 

« Home Working Cyber Security Toolkit
Hollywood Site Leaks Personal Data Of 260,000 Actors »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Mako Group

Mako Group

The Mako Group specializes in protection - providing security through auditing, testing, and assessments. And, we do it all with the highest quality standards possible.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

Trust in Digital Life (TDL)

Trust in Digital Life (TDL)

TDL is a membership association comprising companies, SMEs, universities and research institutes who exchange experience and insights to make digital services in Europe trustworthy and safe.

OneWelcome

OneWelcome

Onegini and iWelcome have merged to become OneWelcome, the largest European Identity Access Management Saas Vendor.

Computer Forensic Services

Computer Forensic Services

Computer Forensic Services are digital evidence specialists. Practice areas include Information Security, e-Discovery, Law Enforcement Support and Litigation.

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI)

Cyber Forensic & Investigation (CFI) is recognized as Thailand’s leader in cyber investigations and digital forensics.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Syracom

Syracom

syracom is a consultancy firm specialized in development of efficient business processes. With our expertise and IT competence, we develop tailored solutions for customers in various industries.

PointWire

PointWire

PointWire offers a range of cybersecurity solutions and services including Penetration Testing on various levels, as well as Intrusion Detection and Prevention Systems.

FluidOne

FluidOne

FluidOne are an award-winning Connected Cloud Solutions provider. We design tailored solutions to help customers and partners digitally transform their IT and communications.

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency (NCSA) - Thailand

National Cyber Security Agency of Thailand is responsible for coordinating and implementing national cybersecurity policies, strategies, and initiatives.

Anura

Anura

The world’s most accurate ad fraud solution protects your web assets by eliminating bots, malware and human fraud, ensuring your content is seen by real people.

ZEUSS

ZEUSS

ZEUSS is a diversified data center, cybersecurity, and green energy company.

CipherStash

CipherStash

CipherStash is a complete data governance and breach prevention platform.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.