Tenable, an exposure management company, has released its 2024 Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments. Most alarmingly, nearly four in 10 organisations globally are leaving themselves exposed at the highest levels due to the ‘toxic cloud triad’ of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of cyberattackers gaining access through these exposures.
Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk. The Tenable Cloud Risk Report provides a deep dive into the most pressing cloud security issues observed in the first half of 2024, highlighting areas such as identities and permissions, workloads, storage resources, vulnerabilities, containers and Kubernetes. It also offers mitigation guidance for organisations seeking ways to limit exposures in the cloud.
Publicly exposed and highly privileged cloud data lead to data leaks. Critical vulnerabilities exacerbate the likelihood of incidents. The report reveals that a staggering 38% of organisations have cloud workloads that meet all three of these toxic cloud triad criteria, representing a perfect storm of exposure for cyberattackers to target. When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organisation, with the 2024 average cost of a single data breach approaching US$5 million.