Report finds companies continue to expose data through misconfigured cloud stora...
source link: https://siliconangle.com/2021/09/09/report-finds-companies-continue-expose-data-misconfigured-cloud-storage/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
For years now, companies exposing data via misconfigured cloud storage have been a dime a dozen. Over the last few years, reports of companies inadvertently sharing their data often came multiple times a week.
Exposed data typically included a company incorrectly setting the security of an Amazon Web Services Inc. S3 instance or an ElasticSearch installation. In some cases, it was simply a matter of a password not being set.
The occurrence of misconfigured cloud instances seems to have fallen. It could be a case of companies being aware of security issues around cloud storage and taking action accordingly.
But one thing that is clear: Companies continue to expose their data this way, according to findings outlined today by Rapid7 Inc. in its 2021 Cloud Misconfigurations Report.
The Rapid7 researchers studied 121 publicly reported data exposure incidents in 2020 to see if they could find some causes and circumstances. Of the 121 published incidents, 15 industries were represented among the affected organizations, with information, entertainment, professional and healthcare being the more represented in the data set.
In 2020, an average of about 10 incidents a month were reported and 62% of those incidents were discovered by citizen researchers rather than criminal attackers. Notably, 35% of those incidents were sourced from only two specific individual researchers.
The most commonly exposed data were datasets with credentials such as user names and passwords, personal financial information and healthcare information. The median data exposure was 10 million records, although one “mega breach” accounts for the exposure of more than 20 billion records.
AWS S3 buckets and ElasticSearch databases accounted for about 45% of all reported exposures throughout the year. The figures for both could be higher, since the researchers could not identify the compromised component in almost half of cases.
“To avoid suffering an incident from similar cloud misconfigurations, companies should prioritize the adoption of a new model of security that provides continuous enforcement of controls and ensures secure configurations of all cloud services,” the researchers wrote. “Note that this activity is not a ‘set it and forget it’ task, and all current and new cloud resources should be monitored and have policies enforced continually to avoid even a temporary exposure of these often dynamic environments.”
Photo: Wikimedia Commons
.jpg){kind=link}
A message from John Furrier, co-founder of SiliconANGLE:
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
Join Our Community
We are holding our third cloud startup showcase on Sept. 22. Click here to join the free and open Startup Showcase event.
“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy
We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK