sb-nz logo
Story image

Trend Micro reveals misconfigurations are No. 1 cause of cloud security issues

09 Apr 2020

Trend Micro has today revealed findings from its recent research into cloud security, highlighting the roles of human error and complex deployments in ushering in potential avoidable cyber threats.

Multi and hybrid-cloud IT strategies are fast becoming the norm for mid to large organisations across the world, such that Gartner recently predicted that 75% of organisations in this range will employ these strategies.

And as recent history tells us, as IT systems become more prevalent and popular, so too do the scope of threats facing them. Cloud platforms today are no different.

The research released today by Trend Micro indicates that misconfigurations are the primary cause of cloud security issues. 

The company says it identifies 230 million misconfigurations on average each day – proof, it says, that this risk is prevalent and widespread.

"Cloud-based operations have become the rule rather than the exception, and cybercriminals have adapted to capitalise on misconfigured or mismanaged cloud environments," says Trend Micro vice president of cybersecurity Greg Young.

"We believe migrating to the cloud can be the best way to fix security problems by redefining the corporate IT perimeter and endpoints. 

“However, that can only happen if organisations follow the shared responsibility model for cloud security. Taking ownership of cloud data is paramount to its protection, and we're here to help businesses succeed in that process."

The research found threats and security weaknesses in several key areas of cloud-based computing, potentially putting credentials and company secrets at risk. 

Criminals capitalising on misconfigurations in these areas have subsequently targeted companies with ransomware, cryptomining, e-skimming and data exfiltration, according to Trend Micro.

The report also found tutorials purporting to have expertise on credential and authentication security have instead misled employees and IT teams, which Trend Micro says has led to mismanaged cloud credentials and certificates. 

IT teams can take advantage of cloud-native tools to help mitigate these risks, but they should not rely solely on these tools, the report concludes.

Trend Micro recommends these best practices to help secure cloud deployments:
  • Employ least privilege controls: restricting access to only those who need it.
  • Understand the Shared Responsibility Model: Although cloud providers have built-in security, customers are responsible for securing their own data.
  • Monitor for misconfigured and exposed systems: Tools like Conformity can quickly and easily identify misconfigurations in your cloud environments.
  • Integrate security into DevOps culture: Security should be built into the DevOps process from the start.
Story image
Pandemic sees organisations of all sizes and industries invest in CTI
There is opportunity for organisations to better manage their cyber-threat intelligence for greater security and threat intelligence effectiveness by adopting the right tools and processes.More
Story image
97% of organisations experienced a mobile threat in 2020 — report
93% of these attacks originated in a device network, which includes attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials.More
Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
Cybersecurity budgets still not keeping up with threats — report
Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.More
Story image
Fortinet: Hyperscaling networks? Hyperscale your security!
Jon McGettigan, Fortinet A/NZ Regional Director, explains why a broad, integrated and automated security fabric is the most effective strategy to protect users, apps and data in a hyperscaling environment.More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More