Share

Cloud security pros expect elevated risk for serious data breaches – Cybersecurity Dive

Just one in five cybersecurity and engineering pros escaped the previous year without incident.
The perception of growing risk amid common occurrences accentuates the persistent cloud security challenges organizations confront as they deploy and invest in more cloud infrastructure.
System downtime due to misconfiguration and cloud data breaches were the most commonly reported security incidents among the 400 cloud engineers and security professionals surveyed. Snyk commissioned Propeller Insights to conduct the survey during the second quarter of 2022.
Just one out of five respondents reported no major cloud security incidents. However, a quarter of professionals said they worry their organization unknowingly suffered a data breach recently.
This gap in cloud infrastructure visibility underscores the increased complexity organizations encounter in cloud-native infrastructure. Two-fifths of respondents said cloud-native service and architecture adoption inflicts a major impact on cloud security efforts due to additional complexity.
Granting API access to the cloud control plane for cloud development and configuration opens a potentially expansive attack surface for threat actors to target.
“Every major cloud data breach involves attackers compromising the cloud API control plane for discovery, movement and extraction,” the report said. These attacks exploit architectural misconfigurations involving more than one resource. 
Containers introduce additional cloud security risks, according to Snyk. One in five respondents that are using container-based architectures reported no container-related security issues.
Lackluster cloud security efforts cause application deployment delays and impose significant demands on cloud engineering and security teams, the report said. Respondents cited a lack of cloud security policy awareness as the leading cause of cloud security failures.
Get the free daily newsletter read by industry experts
The latest incident at Marriott is relatively minor compared to major breaches in late 2018 and early 2020, but it signals a pattern of neglect.
Guidelines call for developers to attest they use secure software practices.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Want to share a company announcement with your peers?
Share your announcement
The latest incident at Marriott is relatively minor compared to major breaches in late 2018 and early 2020, but it signals a pattern of neglect.
Guidelines call for developers to attest they use secure software practices.
The free newsletter covering the top industry headlines

source