Vital Necessity Of Cloud Computing Highlights Security Risks

Uploaded on 2020-07-29 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms, TECHNOLOGY--Resilience

The vital necessity of cloud computing for both business and the general population is likely to accelerate market growth. With the frequency of online breaches and technological attacks on the rise, security maintenance has become the key point of focus. 

Companies have to take vital precautions before the onset of cyber risk. 

A newly released report by the leading cloud security specialist Orca Security on the State of Cloud Security In 2020 says that almost 80 percent of organisations have at least one neglected, Internet-facing workload, meaning it’s running on an unsupported operating system or has remained unpatched and insecure for 180 days or more. 

When an organisation elects to store data or host applications on the public cloud, it loses its ability to have physical access to the servers hosting its information. As a result, potentially sensitive data is at risk from insider attacks. Insider attacks are the sixth biggest threat in cloud computing. 

The recent statistics explain that there exist some organisations that have employed cloud-based security solutions. Around 90% of companies are deploying cloud-based services. 

Only 12% of global IT sectors understand how General Data Protection Regulation (GDPR) will affect the cloud services. 66% of IT engineers say that security was the biggest concern when they adopted the cloud computing platform.

The Orca Security Report explains that:

  • Attackers look for vulnerable frontline workloads to gain entrance to cloud accounts and expand laterally within the environment. While security teams need to secure all public cloud assets, attackers only need to find one weak link.
  • Weak security authentication is another way that attackers breach public cloud environments. The Orca Security study found that authentication and password storage issues are commonplace.
  • Almost 25% of organisations aren’t using multi-factor authentication to protect one of their cloud account’s root, super admin users.
  • Almost half of organisations have internet-facing workloads containing secrets and credentials, posing a risk of lateral movement.
  • 60 percent of organisations have at least one neglected Internet-facing workload that has reached its end of life and is no longer supported by manufacturer security updates. Once past the Internet-facing workload and with keys-in-hand, cyber criminals traverse less secure internal machines in search of crown jewel data.
  • 77 percent of organisations have 10 percent or more of their internal workloads unpatched either for longer than 180 days or are no longer supported. 

Hackers take advantage of knowing that internal servers are less protected than external Internet-facing servers and that they can expand rapidly in search of critical data once inside a cloud estate and so cloud security is something all organisations must review and check systematically. 

Orca Security:     PR Newswire

You Might Also Read: 

The Future Of Ransomware Is In The Cloud:

 

« Home Working Cyber Security Toolkit
Hollywood Site Leaks Personal Data Of 260,000 Actors »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Aurec

Aurec

Aurec provides specialist recruitment and contracting services including ICT professionals.

CyberSecurityJobsite.com

CyberSecurityJobsite.com

CyberSecurityJobsite.com is a specialist job board designed to attract candidates working within Cyber Security, Information Security or Information Assurance.

e-Governance Academy (eGA)

e-Governance Academy (eGA)

eGA is a think tank and consultancy founded for the transfer of knowledge and best practice in e-governance, e-democracy and national cyber security.

Convercent

Convercent

We offer comprehensive and integrated compliance management, reporting, and analytics. A 360-degree view of compliance drives efficiency by aligning initiatives and data into a single dashboard.

Independent Security Evaluators (ISE)

Independent Security Evaluators (ISE)

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

ISA Global Cybersecurity Alliance (ISAGCA)

ISA Global Cybersecurity Alliance (ISAGCA)

Objectives of the ISA Global Cybersecurity Alliance include the acceleration and expansion of standards, certification, education programs, advocacy efforts, and thought leadership.

Revere Technologies

Revere Technologies

Revere Technologies is a pure-play cyber security solutions and services provider in Sub-Saharan Africa.

PSafe

PSafe

PSafe is a leading provider of mobile privacy, security, and performance apps. We deliver innovative products that protect your freedom to safely connect, share, play, express and explore online.

Aegis Security

Aegis Security

Aegis Security helps clients to secure their systems against potential threats through pre-emptive measures, such as security assessments, and cutting-edge solutions to security challenges.

Raiven Capital

Raiven Capital

Raiven Capital is a global early-stage technology venture capital fund. We focus on founder-led, driven companies on the leading edge of disruption.

Siren

Siren

Siren provides the leading Investigative Intelligence Platform to some of the world’s leading Law Enforcement, National Security and Cyber threat investigators.

Willyama Services

Willyama Services

Willyama Services is a certified Information Technology and Cybersecurity professional services business providing services to government and private sector clients.

Cyber Octet

Cyber Octet

Cyber Octet is an IT Solution, Security, Training and Services company. We provide training and services from Web Application Security to ISO 27001 implementation.

HTL Support

HTL Support

HTL Support, your trusted partner for comprehensive IT support in London. We specialize in delivering top-tier IT solutions tailored to both large enterprises and small businesses.

Argantic

Argantic

Argantic aims to help organisations thrive and reach their full potential in a modern cloud-centric era.