Page 66 - Cyber Defense eMagazine for September 2020

authentication and password protections. As organizations continue to make easy security mistakes in their public cloud deployments, hackers are finding new ways to wreak havoc on companies’ most valuable assets, and their customers.

We have seen many recent examples of data breaches resulting from easy-to-prevent cloud misconfigurations. I like to point to last year’s data breach of a Mexico-based media company, Cultura Colectiva, which had 540 million Facebook records stored on an open S3 bucket—accessible to anyone on the internet. Equifax is another example of a high-profile company that suffered a massive data breach in 2017 due to a neglected, unpatched web server, resulting in a $700 million fine from the FTC.

With these examples in mind, let’s take a closer look at the most common vulnerabilities found in organizations’ public cloud estates, and the steps they can take to prevent future data breaches.



Neglected Workloads are the Weak Link

For organizations migrating on-premises workloads to public cloud environments, our research found that the security of internal workloads is much worse than that of frontline workloads. More than 77 percent of organizations surveyed have at least 10 percent of their internal workloads in a neglected security state. This means that the operating systems underlying those applications were either left unpatched or are no longer supported by current updates. Meanwhile, nearly 60 percent have at least one neglected internet-facing workload that falls into the unsupported OS category. Furthermore, 49 percent of organizations have at least one unpatched web server within their public cloud environment.











































            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.