April 13, 2022

An increase in hybrid work has led to the rise of cloud applications and services, but careless security makes organizations vulnerable to cyberattacks.

Some of the measures that expose organizations that use cloud services include excessive permissions, poor password security (weak passwords, password re-use), and public exposure of cloud accounts.

According to a study conducted by Palo Alto Networks, 99% of cloud users, services, and resources have excessive permissions that are not needed by ordinary users. Hackers could use excess permissions to modify, create, or delete cloud environment resources. Also, it could be used to expand the scope of attacks.

53% of respondents confirmed the use of weak password security, which consists of less than 14 characters. 44% of cloud accounts allow users to reuse a password associated with another account.

Because cloud accounts are publicly exposed to the web through various misconfigurations, it makes it easier for a hacker to access details without authentication.

Security measures that organizations must take include properly configured IAM, unique passwords, and multi-factor authentication.

IT departments should also conduct the necessary investigations before granting administrator privileges to regular accounts.

The sources for this piece include an article in ZDNet.