Tenable Cloud Risk Report Sounds the Alarm on Toxic Cloud Exposures Threatening Global Organizations
08 Octubre 2024 - 8:00AM
Tenable®, the exposure management company, today released its 2024
Tenable Cloud Risk Report, which examines the critical risks at
play in modern cloud environments. Most alarmingly, nearly four in
10 organizations globally are leaving themselves exposed at the
highest levels due to the “toxic cloud triad” of publicly exposed,
critically vulnerable and highly privileged cloud workloads. Each
of these misalignments alone introduces risk to cloud data, but the
combination of all three drastically elevates the likelihood of
exposure access by cyber attackers.
Security gaps caused by misconfigurations, risky entitlements
and vulnerabilities combine to dramatically increase cloud risk.
The Tenable Cloud Risk Report provides a deep dive into the most
pressing cloud security issues observed in the first half of 2024,
highlighting areas such as identities and permissions, workloads,
storage resources, vulnerabilities, containers and Kubernetes. It
also offers mitigation guidance for organizations seeking ways to
limit exposures in the cloud.
Publicly exposed and highly privileged cloud data lead to data
leaks. Critical vulnerabilities exacerbate the likelihood of
incidents. The report reveals that a staggering 38% of
organizations have cloud workloads that meet all three of these
toxic cloud triad criteria, representing a perfect storm of
exposure for cyber attackers to target. When bad actors exploit
these exposures, incidents commonly include application
disruptions, full system takeovers, and DDoS attacks that are often
associated with ransomware. Scenarios like these could devastate an
organization, with the 2024 average cost of a single data breach
approaching $5 million.1
Additional key findings from the report include:
- 84% of organizations have risky access keys to cloud
resources: The majority of organizations (84.2%) possess
unused or longstanding access keys with critical or high severity
excessive permissions, a significant security gap that poses
substantial risk.
- 23% of cloud identities have critical or high severity
excessive permissions: Analysis of Amazon Web Services
(AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that
23% of cloud identities, both human and non-human, have critical or
high severity excessive permissions.
- Critical vulnerabilities persist: Notably,
CVE-2024-21626, a severe container escape vulnerability that could
lead to the server host compromise, remained unremediated in over
80% of workloads even 40 days after its publishing.
- 74% of organizations have publicly exposed
storage: 74% of organizations have publicly exposed
storage assets, including those in which sensitive data resides.
This exposure, often due to unnecessary or excessive permissions,
has been linked to increased ransomware attacks.
- 78% of organizations have publicly accessible
Kubernetes API servers: Of these, 41% also allow inbound
internet access. Additionally, 58% of organizations have
cluster-admin role bindings — which means that certain users have
unrestricted control over all the Kubernetes environments.
“Our report reveals that an overwhelming number of organizations
have access exposures in their cloud workloads of which they may
not even be aware,” said Shai Morag, chief product officer,
Tenable. “It’s not always about bad actors launching novel attacks.
In many instances, misconfigurations and over-privileged access
represent the highest risk for cloud data exposures. The good news
is, many of these security gaps can be closed easily once they are
known and exposed.”
The report reflects findings by the Tenable Cloud Research team
based on telemetry from billions of cloud resources across multiple
public cloud repositories, analyzed from January 1 through June 30,
2024.
To download the report today, please visit:
https://www.tenable.com/cyber-exposure/tenable-cloud-risk-report-2024
1 IBM Security Cost of a Data Breach Report 2024
About TenableTenable® is the exposure
management company, exposing and closing the cybersecurity gaps
that erode business value, reputation and trust. The company’s
AI-powered exposure management platform radically unifies security
visibility, insight and action across the attack surface, equipping
modern organizations to protect against attacks from IT
infrastructure to cloud environments to critical infrastructure and
everywhere in between. By protecting enterprises from security
exposure, Tenable reduces business risk for more than 44,000
customers around the globe. Learn more at tenable.com.
Media Contact:Tenabletenablepr@tenable.com
A video accompanying this release is available at
https://www.globenewswire.com/NewsRoom/AttachmentNg/532ee720-34f5-486e-89cc-4ea7531a7fc9
Tenable (NASDAQ:TENB)
Gráfica de Acción Histórica
De Oct 2024 a Nov 2024
Tenable (NASDAQ:TENB)
Gráfica de Acción Histórica
De Nov 2023 a Nov 2024