A report found that one-third (33%) of cloud security incidents investigated by IBM Security involved valid credentials.
Overall, the report notes that some form of identity theft accounted for more than half (51%) of the cloud incidents investigated.
The third most common cloud incident was related to common application vulnerabilities at 22%, the report found.
However, as a share of actual incident response work, IBM researchers noted that cloud-hosted instances of Microsoft Active Directory servers accounted for 39% of attacks over the past two years.
Chris Caridi, strategic cyber threat analyst at IBM Security, pointed out that in the absence of best hygiene practices to ensure cloud security, it still requires little effort for cybercriminals to penetrate cloud computing services.
In fact, in collaboration with Cybersixgill, a threat intelligence service provider, IBM researchers determined that the average cost of compromised cloud credentials for sale on the Dark Web is currently $10.23.
The most common attack on cloud services involves some form of business email compromise (BEC) at 39%, followed by attempts to run cryptocurrency mining rigs to create digital currency (22%). Credential collection and access to servers are tied at 11% each.
The IBM report also noted that, in collaboration with Red Hat researchers, the most significant failed security rules identified in cloud-only environments involved improper configuration of basic security and management settings in Linux systems. In contrast, the most significant security failure in environments where 50% or more of systems are in the cloud involves failing to ensure consistent and secure authentication and encryption practices.
Regarding newly discovered vulnerabilities in cloud computing environments, the report notes that more than a quarter (27%) involve some type of cross-site scripting issue that can be used to either redirect website traffic or harvest access tokens.
Despite all these issues, the overall state of cloud security awareness has improved in recent years, Caridi noted. He added that there is still a lot of work to be done when it comes to understanding how a shared responsibility approach to cloud security works, but more organizations are at least aware of the potential threats.
Of course, cybercriminals only need to succeed once to wreak havoc. In addition to securing identities and investing in additional incident response capabilities, the IBM researcher noted that organizations must integrate security throughout the software development life cycle (SDLC), ensure data is encrypted, adopt threat models, perform more rigorous testing and embrace automation.
Naturally, these capabilities will require additional levels of investment. However, as the value of software assets running in the cloud continues to increase, the total cost of a breach is likely to be much higher. The challenge, as always, is to convince senior business and IT leaders that an ounce of prevention will always be less expensive than any pound of cure that may end up being applied later.