Report: Cloud hackers are only 3 steps away from ‘crown jewel’ data


The massive acceleration in cloud deployment fueled by the pandemic has continued unabated. Gartner predicts that worldwide spending on public cloud services will grow 20.4% to total $497.4 billion in 2022 and expects it to reach nearly $600 billion in 2023. This massive adoption comes with new security challenges.

To examine those challenges, the Orca Security Research Pod analyzed cloud workload and configuration data captured from billions of cloud assets on AWS, Azure and Google Cloud from January 1–July 1, 2022. The findings show that in the rush to move resources to the cloud, organizations struggle to keep up with ever-expanding cloud attack surfaces and increasing multicloud complexity. The current shortage of skilled cybersecurity staff is making the situation worse.

Threat actors have a clear advantage: the research found that once they gain access to an organization’s cloud environment, they need to find only three connected and exploitable weaknesses to reach a “crown jewel” asset, such as personally identifiable information (PII) or credentials that allow root access.

The top initial access point that hackers exploit to get so close to crown jewel data is known vulnerabilities (CVEs) that are not patched promptly (78% of attack paths). This underscores the need for organizations to prioritize vulnerability patching. However, since it is simply not feasible for teams to fix all vulnerabilities, it is essential to remediate strategically by understanding which vulnerabilities pose the greatest danger to the company’s crown jewels so they can be fixed first.



Image source: Orca Security.

The research further shows that organizations leave plenty of opportunities for threat actors to progress down the attack path, as 75% have at least one asset that enables lateral movement to another asset. And cyberattackers have more than enough time to complete the three hops as it takes organizations an average of 18 days to mitigate an imminent compromise alert.

Commenting on the research, Fernando Montenegro, senior principal analyst at Omdia, stated, “Orca Security’s State of Public Cloud Security report is interesting as it highlights the breadth of issues affecting organizations now working on cloud environments. Of particular note, it rightfully calls out issues such as identifying sensitive resources, paying close attention to identity and access considerations, and considering the different attack paths an adversary may be able to use.”

The Orca Research Pod compiled this report by analyzing data captured between January 1–July 1, 2022, from billions of cloud assets on AWS, Azure and Google Cloud scanned by the Orca Cloud Security Platform.

Read the full report from Orca Security.
