April 19, 2023
Palo Alto Networks has released the seventh edition of its Unit 42 Cloud Threat Report, which provides a comprehensive overview of the current state of cloud security. The research assesses the security of over 1,300 organizations and the workloads in 210,000 cloud accounts/subscriptions/projects across all of the main Cloud Service Providers (CSPs).
According to the report, security teams take an average of 145 hours (almost six days) to handle a security alert, and 60% of firms wait more than four days to address security issues. In most firms' cloud systems, just 5% of security rules produce 80% of warnings.
The research also found that 63% of codebases in use contain unresolved vulnerabilities rated serious or critical under the Common Vulnerability Scoring System (CVSS 7.0). Sensitive data is found in 66% of storage buckets and in 63% of publicly accessible storage buckets.
Also, 51% of codebases rely on more than 100 open-source packages, with just 23% being explicitly imported by developers. The rising use of open-source software (OSS) in the cloud adds supply chain vulnerabilities: over 7,300 malicious OSS packages were discovered across all major package management registries.
Hard-coded credentials are still used by 83% of firms in their source control management systems, and 85% use them in virtual machine user data. Weak authentication practices continue, with 76% of businesses not requiring MFA for console users, 58% not requiring MFA for root/admin users, and 57% not requiring symbols in passwords.
Publicly accessible cloud resources are also a risk, with 73% of firms exposing RDP to the public internet, 75% exposing SSH services, and 41% exposing database services.
The sources for this piece include an article from Palo Alto Networks.
