Nearly all firms have some kind of cloud misconfiguration issue
New research by Zscaler Threatlabz has found many businesses haven’t set up their cloud technologies correctly, potentially exposing themselves to some serious vulnerabilities and risk of cyberattacks.
The research analyzed more than 260 billion daily transactions globally across Zscaler’s platform, which uncovered some pretty disconcerting results.
Among the key findings were misconfigurations that had put almost all businesses at risk, as well as the lack of adoption of some pretty basic technology that goes a long way to protect users.
Data exposure on the cloud
The number of organizations that have “concerning” misconfigurations that cause “critical” risks to data and infrastructure sits at an alarming 98.6%. However, Zscaler stresses that these are merely misconfigurations and not vulnerabilities, meaning that with the correct care and attention, the risk could be minimized drastically.
It also found that 68% of companies had given external users admin permissions, which increases the risk of data exfiltration and exploits. While this isn’t a misconfiguration as such – as it’s likely intentional – businesses should carefully consider exactly who needs higher levels of permission.
The study also found that very few organizations employ basic protection in the form of multi-factor authentication (MFA) to privileged user accounts, which means that a leaked or otherwise exposed password could be all that a malicious user needs to gain access to sensitive company information.
Moving away from misconfigurations, Zscaler highlighted the number of companies who blatantly fail to apply basic ransomware controls for cloud storage (which sits at 59.4%), which could be a cost-saving effort that puts them at serious risk.
Overall, it’s clear that almost every business can take basic steps to protect its data before needing to fork out for expensive and more advanced tools.