For some years, the cloud continues to prevail, so that the migrations of data from companies are more and more numerous. However, if it is generally synonymous with agility, adaptation, flexibility and innovation, it has also become the new target of cybercriminals. Attack techniques are more and more sophisticated, and data protection is not always strong enough.
Now, more and more people have access to corporate data stored in the cloud. This concerns on-site employees, but also remote employees, suppliers, distributors, partners and consultants, and even certain customers. This multitude of connection identifiers therefore becomes the holy grail for cybercriminals who thus develop their “cloud jacking” operations.
The threat landscape is growing more complex every year and 2022 should be no exception. The frequency, but especially the intensity of the attacks have greatly increased. The sophistication and targeting of attacks is more precise and, more importantly, the number of entities authorized to access this data contained in the cloud has multiplied.
You must know that 90% of vulnerabilities could be avoided if the security tools used were correctly configured. These are designed on the assumption that security teams know their cloud environments and are well versed in the tools and technologies. But as tools diversify and evolve, cybersecurity teams are not always able to keep up and adapt to all these changes. This therefore means that the tools used are no longer configured in the right way. Consequently, this causes security vulnerabilities that cyber-attackers will exploit through “cloud jacking”. Unfortunately, this also applies to tools for managing cloud access permissions, leading to greater asset compromise.
Technologies and methods such as machine learning can to helpbut mostly it’s about having a deeper, automated understanding of the environment the tools are going to be used in, and enabling easy adoption of security features without expecting too much from users.
Large cloud providers now realize that CISOs need greater visibility into security and compliance, and are therefore communicating more resources to them about applications, data, and infrastructure hosted in the cloud.