Misconfigured cloud services in SEA at risk of exploitation by threat actors
More than a quarter of cloud infrastructure configurations across Southeast Asia could be exploited by threat actors due to poor security and misconfigurations, says cybersecurity firm Horangi.
The company recently analysed more than 1 million cloud infrastructure configurations and found that approximately 265,000 were misconfigured. Horangi leveraged its Warden security solution to analyse these configurations.
The most common misconfiguration included unrestricted outbound access to network ports that could be used to gain unauthorised entry into an organisation's network (84% of organisations).
Furthermore, 88% of organisations had unused identity and access management (IAM) credentials, 63% of organisations still had registered inactive users in their database, 56% had users without multi-factor authentication.
97% of organisations had permissions attached to users directly; as a best practice, organisations should assign permissions at a group level to streamline access management, and to avoid accidentally granting individuals higher privileges than intended
Further, 91% of organisations also see gaps in their monitoring of sensitive changes and 78% had gaps in their ability to audit changes to their infrastructure, leading to a lack of visibility.
Misconfigurations can have potentially disastrous consequences for organisations, particularly those who operate in a remote working or hybrid working environment and leverage more cloud solutions.
Horangi CEO and cofounder Paul Hadjy says that IT leaders need to focus on areas such as remote work security policies, access control, identity and access management, privileged access management, security awareness training, endpoint protection, data loss prevention, and supply chain risk concerns to mitigate breaches and attacks.
“Solutions such as Cloud Security Posture Management (CSPM) applications can enable the proactive identification and remediation of vulnerabilities, helping to improve organisational risk postures for the region's increasingly cloud-first organisations.
Horangi states that organisations can leverage two types of cloud security services: Native cloud security available through cloud service providers such as Amazon Web Services, Google Cloud and Microsoft Azure; and third party security offered by other vendors and plug gaps in services provided by native cloud tools.
“While native cloud security tools may be sufficient for businesses with a single cloud environment, third party options may be a more viable option for organisations that need to manage large or critical cloud workloads, and have multiple cloud service accounts,” says Hadjy.
“Third-party cloud security can value-add to internet businesses in complex and highly regulated industries such as finance, healthcare, services and government, while being fully supported operationally to scale flexibly according to business needs and developments.