Global impact of Covid-19 on the security posture of organisations
Published on : Wednesday 07-04-2021
As the pandemic triggered the largest shift to remote work in history, organisations around the world struggled to migrate to the cloud and secure employees working from home.
April 7, 2021 – Unit 42, the Palo Alto Networks threat intelligence team, has released new research that illustrates how the surge in cloud adoption created security gaps that contributed to a spike in cyberattacks over the past year.
To understand the global impact of Covid-19 on the security posture of organisations, the Unit 42 cloud threat intelligence team analysed data from hundreds of cloud accounts around the world between October 2019 and February 2021 (before and after the onset of the pandemic). Our research indicates that cloud security incidents increased by an astounding 188% in the second quarter of 2020 (April to June). It was found that, although organisations quickly moved more workloads to the cloud in response to the pandemic, they struggled many months later to automate cloud security and mitigate cloud risks. While infrastructure as code (IaC) offers DevOps and security teams a predictable way to enforce security standards, this powerful capability continues to go unharnessed.
The report details the scope of Covid-19’s impact on the cloud threat landscape and explains which types of risks are most prevalent in specific geographies and industries. It also identifies actionable steps organisations can take to reduce the security risks associated with their cloud workloads.
Organisations experienced large expansions in the size of cloud workload deployments following the onset of the pandemic, but they also suffered an uptick in cloud security incidents. Of note, cloud security incidents for the retail, manufacturing, and government industries rose by 402%, 230%, and 205%, respectively. This trend is not surprising; these same industries were among those facing the greatest pressures to adapt and scale in the face of the pandemic—retailers for basic necessities, and manufacturing and government for Covid-19 supplies and aid.
Industries that play crucial roles in combating the pandemic are struggling to secure their cloud workloads, underscoring the danger of underinvesting in cloud security. Such spikes in cloud security incidents make clear that, although the cloud allows businesses to quickly expand their remote work capabilities, automated security controls around DevOps and continuous integration/continuous delivery (CI/CD) pipelines often lag behind this rapid movement.
While the pandemic raged, cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), and Monero (XMR) grew in popularity and market value. Despite this, cryptojacking is trending down: from December 2020 through February 2021, only 17% of organizations with cloud infrastructure showed signs of this activity, compared to 23% in July through September 2020. This is the first recorded drop since Unit 42 began tracking cryptojacking trends in 2018. Organisations appear to be blocking cryptojacking more proactively. This can be done effectively through workload runtime protections that mitigate an attacker’s ability to run malicious cryptomining software undetected in enterprise cloud environments.
The findings indicate that 30% of organisations expose some sensitive content to the internet, such as personally identifiable information (PII), intellectual property, and healthcare and financial data. Anyone who knows or can guess the URLs can access this data. When this data is exposed directly to the internet, organisations face significant risks associated with unauthorised access and regulatory compliance violations. This degree of exposure suggests that organisations continue to struggle to enforce proper access controls for the hundreds of data storage buckets that may operate in the cloud, especially when those buckets are spread across multiple cloud providers and accounts.
https://unit42.paloaltonetworks.com/highlights-cloud-threat-report-1h-2021/
.jpg)
.jpg)
.jpg)
.jpg)
.jpg)