Tenable has released its 2024 Cloud Risk Report, highlighting significant risks in modern Cloud environments. Of particular concern is the revelation that nearly 40% of organisations worldwide are leaving themselves highly exposed due to the “toxic Cloud triad” — a combination of publicly exposed, critically vulnerable, and highly privileged Cloud workloads. Each of these factors independently presents a security risk, but together they significantly increase the likelihood of cyber attackers gaining access.
The report highlights how misconfigurations, risky permissions, and vulnerabilities compound Cloud security risks. It provides detailed insights into the most pressing Cloud security issues observed in the first half of 2024, covering areas such as identities and permissions, workloads, storage resources, vulnerabilities, containers, and Kubernetes. It also offers guidance on how organisations can mitigate these risks to reduce exposure in their cloud environments.
Public exposure and excessive privileges in Cloud data significantly raise the risk of data breaches, while critical vulnerabilities further increase the chances of incidents. The report reveals that 38% of organisations have Cloud workloads meeting all three toxic Cloud triad conditions, creating a perfect scenario for attackers to exploit. Such attacks often result in severe consequences, including application disruptions, system takeovers, and DDoS incidents, frequently linked to ransomware. In 2024, the average cost of a single data breach is nearing $5 million.
Key findings from the report include:
- 84% of organisations have risky access keys to Cloud resources: A vast majority (84.2%) possess unused or outdated access keys with excessive permissions of critical or high severity, representing a serious security gap
- 23% of Cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure shows that nearly a quarter of Cloud identities, both human and machine, are over-privileged, posing significant risks
- Critical vulnerabilities persist: For example, CVE-2024-21626, a severe container escape vulnerability that could lead to server host compromise, remains unaddressed in over 80% of workloads 40 days after it was first reported
- 74% of organisations have publicly exposed storage: Three-quarters of organisations have publicly accessible storage assets, often containing sensitive data. This exposure, frequently caused by excessive permissions, has been linked to rising ransomware attacks
- 78% of organisations have publicly accessible Kubernetes API servers: Of these, 41% allow inbound Internet access. Additionally, 58% of organisations have cluster-admin role bindings, granting certain users unrestricted control over all Kubernetes environments
“Our report reveals that an overwhelming number of organisations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, Chief Product Officer, Tenable. “It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”
The report is based on telemetry data from billions of Cloud resources across multiple public Cloud platforms, collected between 1 January and 30 June 2024.