Protection from the latest generation of public cloud cyberattacks and regulatory compliance penalties requires a new level of visibility and security automation. The thousands of data storage service breaches publicized in the news have raised awareness of vulnerabilities caused through misconfigured “public” access, but cloud security breach tactics go far beyond this.
According to the 2019 Verizon Data Breach Investigations Report1, insider-initiated incidents now account for 34% of data breaches. Accidental data exposure through misconfigured storage services continues to plague organisations, with reports of airlines exposing the data on millions of passengers, and of leaked data from fortune 100 customers, including internal business documents, system passwords, sensitive employee information.
Data storage services with “private” mode enabled are still not safe. Recent high-profile attacks are said to have exposed 140,000 Social Security numbers and 80,000 bank account numbers, exploiting over-privileged IAM roles and instance permissions through a flaw in the WAF. These attacks retrieve IAM credentials via an SSRF vulnerability to access data and files in “private” mode.
Download your Business Case and find out more.