A pair of reports conducted separately by Google and Cado Security make it clear that when it comes to cloud security, the biggest issues are mundane lapses that cybercriminals have learned to exploit easily.
The Google report, for example, finds that credential issues account for more than 60 percent of compromises, followed by misconfigurations at 19 percent.
The Cado Security report identifies the Secure Shell (SSH) protocol (68 percent) followed by instances of the Redis data store (28 percent) as the services most commonly targeted by cybercriminals.
A desire for speed and convenience impact cloud security
The primary reason the attack vectors are exploited so often is that most cloud resources are provisioned by application developers with little to no cybersecurity expertise. It should not come as a surprise to anyone with a background in IT that developers are going to make mistakes. There are now many efforts underway to instill the best development, security, and operations (DevSecOps) practices within the application development community. Still, developers are always going to value speed and convenience more than cybersecurity. As such, it doesn’t look like the overall state of cloud security is going to improve any time soon.
One thing that is improving, however, is the ability to detect these issues hopefully before cybercriminals get around to exploiting them. The issue is that many of the organizations that are building and deploying applications in the cloud lack the resources and expertise required to acquire and manage these platforms themselves. That creates a unique opportunity for managed security services providers (MSSPs) to plug that cloud security gap.
Addressing most cybersecurity vulnerabilities means knowing the fundamentals
In general, cybersecurity researchers tend to focus too much on esoteric exploits. Every week there is a new potential vulnerability discovered that could be exploited. However, the vulnerabilities that are exploited most are still basically the same ones that have been exploited for the past 10 years. Cybercriminals are not going to go through the trouble of learning how to compromise a new vulnerability when the ones they already know how to exploit continue to work. An MSSP that focuses on cybersecurity fundamentals will be able to address 90 percent of the issues most customers today don’t address. This is mainly because they are not sure what to prioritize in what has become a sea of alerts that lack any meaningful context.
Rather than employing scare tactics to alert customers about new vulnerabilities, MSSPs are going to be a lot better off if they simply focus on economics. They can make remediating vulnerabilities that most organizations are unable to fix themselves into a routine service that is not much different from any other type of cleaning service. Organizations could do it themselves for less, but most service providers are going to do a better job. The challenge, as always, is far too many IT professionals still think they are better at cybersecurity than they really are, so in the absence of any help from a specialist, bad things inevitably happen.
Ultimately, MSSPs need to find a way to stage an intervention with organizations they hope to protect. Far too many of them simply don’t realize the extent to which they are harming themselves by creating necessary risks. The first step toward any type of recovery, of course, always starts with getting the patient to admit there is a problem.
Photo: Andrii Yalanskyi / Shutterstock
