Executive summary of the latest Unit 42 threat research on cloud threats. Credit: Shutterstock Unit 42 is Palo Alto Networks’ world-renowned threat intelligence and security consulting team. The key headline of the latest Unit 42 Cloud Threat Report isn’t about the most sophisticated attacks. It’s that nearly all organizations we analyzed lack the proper controls to keep their cloud resources secure. The term for this in cloud security is identity and access management (IAM), and it refers to the policies that define who has permission to do what in a cloud environment. A fundamental best practice for policies like this is to apply least privilege access – ensuring that each user or group has the minimum access required to perform necessary functions. This helps minimize the damage an attacker can do in the event of a compromise as the attacker will only gain access to the limited information and capabilities of that one compromised cloud resource. Unfortunately, we found a different situation when we studied how organizations are managing access to their cloud environments. We analyzed more than 680,000 identities across 18,000 cloud accounts from 200 different organizations and found that a staggering 99% of cloud users, roles, services and resources were granted excessive permissions. This matters because the majority of known cloud incidents start with a misconfigured IAM policy or a leaked credential. How Could Lax IAM Policies Impact You? Throughout the pandemic, many organizations moved significant amounts of data and business operations into the cloud. We found that 69% of organizations now host more than half their workloads in the cloud, compared with just 31% in 2020. This makes the cloud a more tempting target for adversaries looking to—for example—steal sensitive data, deliver ransomware or take advantage of computing resources that don’t belong to them. While sophisticated attacks on cloud resources are possible, attackers don’t need to go to those lengths to achieve their goals when organizations allow excessive permissions and overly permissive policies. If your organization isn’t following best practices for IAM permissions in the cloud, you could be making an attacker’s job easier. Improving Cloud Security: Recommendations Your security should be just as native to the cloud as the applications you run there. CISOs should look into Cloud Native Application Protection Platform (CNAPP) suite integration. This can help bring disparate security functions into a single user interface, all tailored to cloud security. Your security team should also harden IAM permissions. Our recent Cloud Threat Report includes an eight-step best practices guide that could help you. Finally, as is common in cybersecurity today, an overabundance of alerts is likely hampering your security team and reducing their efficiency. Look into tools and workflows you can deploy to increase security automation, allowing your team the breathing room to get your overall security posture right, rather than being stuck responding to one alert after another. Want to learn more? Download the full report here: Unit 42 Cloud Threat Report, vol 6 Related content brandpost Sponsored by Palo Alto Networks Robust remote access security for the utilities sector advances with Zero Trust Infrastructure, specifically the utilities sector, must adopt a Zero Trust approach as ongoing cyberattacks by remote actors become more and more prevalent—threatening to disrupt everyday life. By Anand Oswal, senior vice president of product, network security, Palo Alto Networks Mar 28, 2024 5 mins Security brandpost Sponsored by Palo Alto Networks 3 business benefits of stronger security using Zero Trust principles Today’s security solutions can enable better, faster ROI. Read on to learn more. By Navneet Singh, Vice President of Marketing, Network Security, Palo Alto Networks Mar 06, 2024 6 mins Security brandpost Sponsored by Palo Alto Networks 3 data security disciplines to drive AI innovation If organizations do not have the appropriate security protections in place, they instantly become a prime target for cybercriminals. It’s time to confidently explore and innovate with AI without fear of compromising the organization as a whole. By Dan Benjamin, Sr. Director of Product Management, Palo Alto Networks Mar 01, 2024 4 mins Artificial Intelligence brandpost Sponsored by Palo Alto Networks Insights into IR sniping and AI’s changing face of cyberthreats IR sniping and the transformative function of AI make cybersecurity much more effective—it’s time to find out why. By Palo Alto Networks Feb 01, 2024 4 mins Artificial Intelligence Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe