Palo Alto Networks, the global cybersecurity leader, today released the Unit 42 Cloud Threat Report, Volume 7. It looks at data collected over the past 12 months and provides a wide-angle view of the status of common misalignments, leaving the door open to malicious activity.
Unit 42 looked at more than 1,300 organisations to create this report and analysed the workloads in 210,000 cloud accounts/subscriptions/projects across all major CSPs. With the rate of cloud migration showing no sign of slowing down—from $370 billion in 2021 and predicted to reach $830 billion in 2025 – threat actors are looking to exploit common issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open source software packages.
Key findings from the report include:
- On average, security teams take 145 hours (approximately six days) to resolve a security alert, with 60% of organisations taking longer than four days to resolve security issues.
- 80% of the alerts are triggered by just 5% of security rules in most organisations’ cloud environments.
- 63% of the codebases in production have unpatched vulnerabilities rated high or critical on the Common Vulnerability Scoring System (CVSS ≥ 7.0)
- 76% of organisations don’t enforce Multifactor Authentication for console users, while 58% don’t enforce MFA for root/admin users.
- Sensitive data, such as personal identifiable information, financial records, or intellectual property, are found in 66% of storage buckets and 63% of publicly exposed storage buckets.
- 51% of codebases depend on more than 100 open-source packages. However, developers directly import only 23% of the packages.
“According to Gartner, spending on cloud services in Thailand is predicted to reach 40.8 billion baht in 2022, up 36.6% year-on-year. Thailand is one of the highly adopted countries in terms of digital transformation. The Cloud Threat Report demonstrates the significant amount of time it takes to resolve security issues, while threat actors typically need only a few hours to wreak havoc. All organizations should have business continuity and disaster recovery (BC/DR) plans that incorporate the process of recovering backups to protect against threats,” said Dr. Tatchapol Poshayaonda, Country Director of Palo Alto Networks Thailand and Indochina.
AIS reveals its business strategy for 2023 and beyond, focusing on the Ecosystem Economy concept
NTT DATA unveils Lending Platform to empower lending business
