A new report has highlighted the growing risks associated with modern cloud environments, revealing that 38% of organizations globally face critical exposures from a dangerous combination of security gaps.
The Tenable Cloud Risk Report 2024 showed that these companies are at risk due to a “toxic cloud triad” involving publicly exposed, critically vulnerable and highly privileged cloud workloads.
This combination leaves them vulnerable to cyber-attacks that could result in application disruptions, system takeovers and costly data breaches.
The report, based on telemetry from billions of cloud resources, provides a detailed analysis of key cloud security issues during the first half of 2024.
These include misconfigurations, risky entitlements and persistent vulnerabilities in areas such as identities and permissions, storage, workloads and containers. The findings emphasize the urgent need for organizations to mitigate these risks to prevent devastating breaches.
The average cost of a data breach in 2024 is estimated to approach $5m.
Tenable Cloud Risk Report 2024: Key Findings
Some of the report’s most concerning findings include:
-
84% of organizations possessed access keys with excessive permissions that are unused or long-standing
-
23% of cloud identities – including human and non-human users – had critical or high-severity excessive permissions
-
80% of workloads remained vulnerable to CVE-2024-21626, a severe container escape vulnerability, even 40 days after its disclosure
Additionally, 74% of organizations have publicly exposed storage, often containing sensitive data, which has been linked to an increase in ransomware attacks. The report also noted that 78% of organizations have publicly accessible Kubernetes API servers, with 41% allowing inbound internet access.
“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer at Tenable.
“It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”