31.07.2023 Views

The Cyber Defense eMagazine August Edition for 2023

Cyber Defense eMagazine August Edition for 2023 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES


The term “shared” is somewhat misleading. It’s more like “divided.” The cloud provider’s responsibility ends with their infrastructure. Everything you bring into their environment is your responsibility. This means that upwards of 90% of the cloud security burden rests with the users. And that’s likely why Gartner concluded that 99% of cloud security failures are the customer’s fault.

Solution:

Knowledge is power. Understand the extent of protection your cloud provider offers, and make sure you have the in-house or outsourced skillset to make up the difference.

Amendable Human Error #2 - Misconfigurations

The good news is that security professionals know that a properly configured cloud environment is actually rarely breached. The bad news is that the vast majority of cloud environments are not properly configured, to say the least.

A great example of this is a recently exposed breach at automaker Toyota. Resulting from a cloud misconfiguration, this breach went on for over a decade and affected over two million customers.

Why does this happen? Under the shared security responsibility model, your IT teams need to do a lot of manual security configuring. But IT teams are not always cloud security experts (or even cloud experts, for that matter). Frequently, these teams rely on default provider settings – settings which threat actors love, of course. These settings leave, for example, 55% of companies with one or more databases that are publicly exposed to the internet due to misconfigured routes or authentication requirements. What’s worse, the sheer scalability of cloud deployments magnifies the ramifications of even a single misconfigured setting.
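
The check below is an added example, not part of the original article: it audits a database inventory for the two causes of exposure named above, misconfigured routes and missing authentication requirements. The inventory schema, field names and records are constructed for illustration and do not follow any cloud provider's API format.

```python
import ipaddress

# Constructed inventory (hypothetical schema, not a provider export format).
INVENTORY = [
    {"name": "orders-db", "port": 5432, "auth_required": True,
     "subnet_default_route": "internet-gateway",
     "ingress": [{"cidr": "0.0.0.0/0", "ports": (5432, 5432)}]},
    {"name": "cache", "port": 6379, "auth_required": False,
     "subnet_default_route": "nat-gateway",
     "ingress": [{"cidr": "10.0.0.0/8", "ports": (6379, 6379)}]},
    {"name": "legacy-mongo", "port": 27017, "auth_required": False,
     "subnet_default_route": "internet-gateway",
     "ingress": [{"cidr": "::/0", "ports": (0, 65535)}]},
    {"name": "billing-db", "port": 3306, "auth_required": True,
     "subnet_default_route": "internet-gateway",
     "ingress": [{"cidr": "203.0.113.0/24", "ports": (3306, 3306)}]},
    {"name": "reports-db", "port": 5432, "auth_required": True,
     "subnet_default_route": "nat-gateway",
     "ingress": [{"cidr": "0.0.0.0/0", "ports": (5432, 5432)}]},
]

def is_world_open(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(db):
    """Return a list of finding strings for one database record."""
    findings = []
    open_rules = [r for r in db["ingress"]
                  if is_world_open(r["cidr"])
                  and r["ports"][0] <= db["port"] <= r["ports"][1]]
    routed = db["subnet_default_route"] == "internet-gateway"
    if open_rules and routed:
        findings.append("PUBLIC: reachable from any address")
    elif open_rules:
        findings.append("LATENT: open ingress, exposed if the route changes")
    if not db["auth_required"]:
        findings.append("NO_AUTH: accepts unauthenticated connections")
    return findings

def audit_all(inventory):
    """Map database name -> findings, omitting clean records."""
    results = {db["name"]: audit(db) for db in inventory}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name, "->", "; ".join(findings))
```

The LATENT case matters at scale: an open ingress rule on a private subnet is harmless until a single route change turns it into a public database.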

The under-skilled cloud admins deploying your sensitive data and proprietary applications to the cloud may not be aware of the intricacies of integration, prioritization, segmentation and permissions. It’s possible they don’t know they should conform with industry best practices and maintain separate cloud accounts for CI/CD, production, development, customer service, and more. They may not know how to handle the flood of cloud security issues raised by Cloud Security Posture Management (CSPM) systems.

Solution:

Hire skilled resources. It’s true that skilled cybersecurity professionals are hard to come by. In fact, there was an estimated cybersecurity workforce gap of over 3 million people in 2022 – and that number is still growing. To mitigate this, many organizations are outsourcing cloud security to MSSPs or other security solution providers.

Cyber Defense eMagazine – August 2023 Edition 66

Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
