Le rapport Tenable sur les risques liés au cloud tire la sonnette d'alarme sur les cyber-expositions du cloud qui menacent les entreprises mondiales

38% of organizations have cloud environments with a “toxic cloud triad” of publicly exposed, critically vulnerable and highly privileged workloads

October 8, 2024 · Columbia, MD

Le rapport Tenable sur les risques liés au cloud tire la sonnette d'alarme sur les cyber-expositions du cloud qui menacent les entreprises mondiales

Tenable®, the exposure management company, today released its 2024 Tenable Cloud Risk Report, which examines the critical risks at play in modern cloud environments. Most alarmingly, nearly four in 10 organizations globally are leaving themselves exposed at the highest levels due to the “toxic cloud triad” of publicly exposed, critically vulnerable and highly privileged cloud workloads. Each of these misalignments alone introduces risk to cloud data, but the combination of all three drastically elevates the likelihood of exposure access by cyber attackers.

Security gaps caused by misconfigurations, risky entitlements and vulnerabilities combine to dramatically increase cloud risk. Le Rapport Tenable sur les risques liés au cloud propose une étude approfondie des problèmes de sécurité du cloud les plus urgents observés au cours de la première moitié de 2024, en mettant l'accent sur des domaines tels que les identités et les autorisations, les charges de travail, les ressources de stockage, les vulnérabilités, les conteneurs et Kubernetes.Il suggère également des conseils d'atténuation pour les entreprises qui cherchent à limiter leurs expositions dans le cloud.

Publicly exposed and highly privileged cloud data lead to data leaks. Critical vulnerabilities exacerbate the likelihood of incidents. The report reveals that a staggering 38% of organizations have cloud workloads that meet all three of these toxic cloud triad criteria, representing a perfect storm of exposure for cyber attackers to target. When bad actors exploit these exposures, incidents commonly include application disruptions, full system takeovers, and DDoS attacks that are often associated with ransomware. Scenarios like these could devastate an organization, with the 2024 average cost of a single data breach approaching $5 million.¹

Additional key findings from the report include:

84% of organizations have risky access keys to cloud resources: The majority of organizations (84.2%) possess unused or longstanding access keys with critical or high severity excessive permissions, a significant security gap that poses substantial risk.
23% of cloud identities have critical or high severity excessive permissions: Analysis of Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure reveals that 23% of cloud identities, both human and non-human, have critical or high severity excessive permissions.
Critical vulnerabilities persist: Notably, CVE-2024-21626, a severe container escape vulnerability that could lead to the server host compromise, remained unremediated in over 80% of workloads even 40 days after its publishing.
74% of organizations have publicly exposed storage: 74% of organizations have publicly exposed storage assets, including those in which sensitive data resides. This exposure, often due to unnecessary or excessive permissions, has been linked to increased ransomware attacks.
78% of organizations have publicly accessible Kubernetes API servers: Of these, 41% also allow inbound internet access. Additionally, 58% of organizations have cluster-admin role bindings — which means that certain users have unrestricted control over all the Kubernetes environments.

“Our report reveals that an overwhelming number of organizations have access exposures in their cloud workloads of which they may not even be aware,” said Shai Morag, chief product officer, Tenable. “It’s not always about bad actors launching novel attacks. In many instances, misconfigurations and over-privileged access represent the highest risk for cloud data exposures. The good news is, many of these security gaps can be closed easily once they are known and exposed.”

The report reflects findings by the Tenable Cloud Research team based on telemetry from billions of cloud resources across multiple public cloud repositories, analyzed from January 1 through June 30, 2024.

To download the report today, please visit: https://www.tenable.com/cyber-exposure/tenable-cloud-risk-report-2024

¹ IBM Security Cost of a Data Breach Report 2024

À propos de Tenable

Tenable® est la société de gestion de l'exposition au cyber-risque, qui dévoile et comble les failles qui affectent la valeur d’une l'entreprise, compromettant sa réputation et diminuant la confiance de ses clients. Sa plateforme de gestion de l'exposition optimisée par l'IA unit de manière inédite la visibilité, les connaissances et les actions de sécurité sur l'ensemble de la surface d'attaque. Les entreprises sont ainsi équipées pour se défendre contre tout type d'attaque, de l'infrastructure IT aux environnements cloud en passant par les infrastructures critiques. En protégeant les entreprises de l’exposition Cyber, Tenable réduit les risques business pour plus de 44 000 clients dans le monde. Pour en savoir plus, rendez-vous sur fr.tenable.com.

###

Contact média :

Tenable

[email protected]

Restez informé !

Abonnez-vous à nos alertes par e-mail pour recevoir les nouveaux communiqués de presse.

S'abonner aux communiqués de presse

Cloud

Plateforme de gestion de l'exposition Tenable One

Catégories de la plateforme

Capacités de la plateforme

Cyber-exposition du cloud

Cyber-exposition liée aux vulnérabilités

Cyber-exposition de l'OT/IoT

Cyber-exposition des identités

Besoins des entreprises

Secteur d'activité

Conformité

Secteur public

Ressources

Tenable Research

Rechercher un partenaire

Programme de partenariat Tenable Assure

Partenaires technologiques

Assistance

Services

Tenable Trust

Notre société

Nous rejoindre

Pourquoi Tenable

Médias

Connexion

Le rapport Tenable sur les risques liés au cloud tire la sonnette d'alarme sur les cyber-expositions du cloud qui menacent les entreprises mondiales

38% of organizations have cloud environments with a “toxic cloud triad” of publicly exposed, critically vulnerable and highly privileged workloads

Restez informé !

Le rapport Tenable sur les risques liés au cloud tire la sonnette d'alarme sur les cyber-expositions du cloud qui menacent les entreprises mondiales

38% of organizations have cloud environments with a “toxic cloud triad” of publicly exposed, critically vulnerable and highly privileged workloads

Restez informé !

Tenable Vulnerability Management

Tenable Vulnerability Management

Merci

Tenable Vulnerability Management

Tenable Vulnerability Management

Merci

Tenable Vulnerability Management

Tenable Vulnerability Management

Merci

Essayez Tenable Web App Scanning

Acheter Tenable Web App Scanning

Merci

Essayer Tenable Lumin

Acheter Tenable Lumin

Merci

Demander une démo de Tenable Security Center

Demander une démo de Tenable OT Security

Demander une démo de Tenable Identity Exposure

Demandez une démo de Tenable Cloud Security

Découvrez Tenable One en action

Voir Tenable Attack Surface Management en action

Obtenir une démo de Tenable Enclave Security

Merci

Essayez Tenable Nessus Professional gratuitement

NOUVEAU - Tenable Nessus Expert maintenant disponible

Acheter Tenable Nessus Professional

Essayer Tenable Nessus Expert gratuitement

Acheter Tenable Nessus Expert

Découvrez comment Tenable répond aux exigences du plan de cyber-sécurité SLCGP

Découvrez
Tenable One
en action

NOUVEAU - Tenable Nessus Expert
maintenant disponible