When looking back at 2024, it’s evident that cyberattackers have become more relentless.
We witnessed a number of government advisories being issued about threats to the computing infrastructure that underpins our lives.
Cyberattacks targeting software took businesses offline and we saw record-breaking tomes of data stolen in breaches, with increasingly larger volumes of information extracted. And in July, many felt the impact of an unprecedented outage due to a non-malicious “cyber incident” that illustrated just how reliant our critical systems are on software operating as it should at all times.
It was also a sobering reminder of the widespread impact tech can have on our daily lives.
Why can’t we secure ourselves?
While I’d like to say that the adversaries we face are cunning and clever, that’s simply not true. In most cases, cybercriminals are optimistic and opportunistic. The reality is attackers don’t break defences, they get through them. Today they continue to do what they’ve been doing for years because they know it works – be it ransomware, distributed denial-of-service attacks, phishing or any other attack methodology. The only difference is that they’ve learnt from past mistakes and honed the way their attacks for the biggest reward. If we don’t change things, then 2025 will just see even more successful attacks.
Against this, the attack surface that chief information security officers and other security leaders must defend has evolved beyond the traditional bounds of IT security and continues to expand at an unprecedented rate. What was once a manageable task of protecting a defined network perimeter has transformed into a complex challenge of securing a vast, interconnected web of IT, cloud, operational technology (OT) and internet-of-things (IoT) systems that have identities everywhere.
Cloud makes it all easier
Organisations have embraced cloud technologies for their myriad benefits. Be it private, public or a hybrid approach, cloud offers organisations scalability, flexibility and freedom for employees to work wherever and whenever they like. When you add that to the promise of cost savings combined with enhanced collaboration, cloud is a compelling proposition.
However, it doesn’t just make it easier for organisations but also expands the attack surface threat actors can target.
According to Tenable’s 2024 Cloud Security Outlook study, published in May 2024, 95% of the 600 organisations surveyed said they had suffered a cloud-related breach in the previous 18 months. Among those, 92% reported exposure of sensitive data, and a majority acknowledged being harmed by the data exposure. If we don’t address this trend, in 2025 we could likely see these figures hit 100%.
In Tenable’s 2024 Cloud Risk Report, published in November 2024 and which examined the critical risks at play in modern cloud environments, nearly four in 10 organisations globally said they were leaving themselves exposed at the highest levels due to the “toxic cloud trilogy” of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyberattackers.
When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organisation. According to IBM’s Cost of a Data Breach Report 2024, the average cost of a single data breach globally is nearly US$5-million.
Taking back control
Contextualisation and prioritisation are the only ways to focus on what is essential. You might be able to ignore 95% of what is happening, but it’s the 0.01% that will put the company on the front page of tomorrow’s newspaper.
Vulnerabilities can be very intricate and complex, but the severity is when they come together with that toxic combination of access privileges that creates attack paths. Technologies are dynamic systems. Even if everything was okay yesterday, today someone might do something – change a configuration by mistake, for example – with the result that a number of doors become aligned and can be pushed open by a threat actor.
Read: Harness the power of cloud securely with Tenable
Identity and access management is highly complex, even more so in multi-cloud and hybrid cloud environment. Having visibility of who has access to what is crucial. Cloud security posture management (CSPM) tools can help provide visibility, monitoring and auditing capabilities based on policies, all in an automated manner. Additionally, cloud infrastructure entitlement management (CIEM) is a cloud security category that addresses the essential need to secure identities and entitlements, and enforce least privilege, to protect cloud infrastructure. This provides visibility into an organisation’s cloud environment by identifying all its identities, permissions and resources, and their relationships, and using analysis to identify risk.
Read: Tenable report sounds alarm over toxic cloud exposures
It’s not always about bad actors launching novel attacks, but organisations failing to address their greatest exposures. The good news is many of these security gaps can be exposed and closed. Organisations must bolster their security strategies and invest in the necessary expertise to safeguard their digital assets effectively, especially as IT managers expand their infrastructure and move more assets into cloud environments. Raising the security bar can often persuade threat actors to move on and find another target.
- The author, Bernard Montel, is Europe, Middle East and Africa technical director and security strategist at Tenable
- Read more articles by Tenable on TechCentral
- This promoted content was paid for by the party concerned
