- Google's Gemini Advanced gets a very useful ChatGPT feature - but how does it compare?
- This Pro-level Ring Spotlight Cam is $50, hitting its lowest price ever before Black Friday
- Comprehensive data management for AI: The next-gen data management engine that will drive AI to new heights
- Skip the ReMarkable: This color ePaper tablet does more for less money
- Cato Networks adds TLS inspection capabilities to SASE platform
Cloud Security Risks Surge as 38% of Firms Face Exposures
A new report has highlighted the growing risks associated with modern cloud environments, revealing that 38% of organizations globally face critical exposures from a dangerous combination of security gaps.
The Tenable Cloud Risk Report 2024 showed that these companies are at risk due to a “toxic cloud triad” involving publicly exposed, critically vulnerable and highly privileged cloud workloads.
This combination leaves them vulnerable to cyber-attacks that could result in application disruptions, system takeovers and costly data breaches.
The report, based on telemetry from billions of cloud resources, provides a detailed analysis of key cloud security issues during the first half of 2024.
These include misconfigurations, risky entitlements and persistent vulnerabilities in areas such as identities and permissions, storage, workloads and containers. The findings emphasize the urgent need for organizations to mitigate these risks to prevent devastating breaches.
The average cost of a data breach in 2024 is estimated to approach $5m.
Tenable Cloud Risk Report 2024: Key Findings
Some of the report’s most concerning findings include:
-
84% of organizations possessed access keys with excessive permissions that are unused or long-standing
-
23% of cloud identities – including human and non-human users – had critical or high-severity excessive permissions
-
80% of workloads remained vulnerable to CVE-2024-21626, a severe container escape vulnerability, even 40 days after its disclosure
Additionally, 74% of organizations have publicly exposed storage, often containing sensitive data, which has been linked to an increase in ransomware attacks. The report also noted that 78% of organizations have publicly accessible Kubernetes API servers, with 41% allowing inbound internet access.
“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer at Tenable.
“It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”
