Tenable Cloud Risk Report에서 전 세계 조직을 위협하는 위험한 클라우드 위험 노출에 대해 경각심을 보고

Tenable®, the exposure management company, today released its 2024 Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments. Most alarmingly, nearly four in 10 organizations globally are leaving themselves exposed at the highest levels due to the “toxic cloud triad” of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyber attackers.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk. The Tenable Cloud Risk Report provides a deep dive into the most pressing cloud security issues observed in the first half of 2024, highlighting areas such as identities and permissions, workloads, storage resources, vulnerabilities, containers and Kubernetes. It also offers mitigation guidance for organizations seeking ways to limit exposures in the cloud.

Publicly exposed and highly privileged cloud data lead to data leaks. Critical vulnerabilities exacerbate the likelihood of incidents. The report reveals that a staggering 38% of organizations have cloud workloads that meet all three of these toxic cloud triad criteria, representing a perfect storm of exposure for cyber attackers to target. When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers, and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organization, with the 2024 average cost of a single data breach approaching $5 million.¹ 

Additional key findings from the report include: 

• 84% of organizations have risky access keys to cloud resources: The majority of organizations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses substantial risk. 
• 23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions. 
• Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing. 
• 74% of organizations have publicly exposed storage: 74% of organizations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks. 
• 78% of organizations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organizations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.

“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer, Tenable. “It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from billions of cloud resources across multiple public cloud repositories, analyzed from January 1 through June 30, 2024.

To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-risk-report-2024 

¹ IBM Security Cost of a Data Breach Report 2024

Tenable 소개

Tenable®은 위험 노출 관리 회사로서 비즈니스의 가치, 평판 및 신뢰를 위협하는 사이버 보안의 공백을 식별하여 채웁니다. Tenable의 AI 기반 위험 노출 관리 플랫폼은 공격 표면 전체에서 보안 가시성, 통찰 및 작업을 혁신적으로 통합하여 최신 조직들을 IT 인프라부터 클라우드 환경 및 중요 인프라와 이외의 다양한 환경에 공격에 대해 보호합니다. 엔터프라이즈를 보안 위험 노출에서 보호하여 Tenable은 전 세계에 44,000곳 이상의 고객사에서 비즈니스 위험을 줄입니다. tenable.com에서 자세히 알아보십시오.

###

미디어 연락처:

Tenable

[email protected]