Top 5 AWS Misconfigurations That Led to Data Leaks in 2021
The most disruptive security incidents associated with AWS misconfigurations and how businesses can prevent misconfigurations in the future.
A recent Ojasvi Nath article in Toolbox takes a look at headline-grabbing data leaks that occurred in the last year as a result of AWS misconfigurations including the Cosmolog Kozmetik data leak, the SeniorAdvisor security breach and more. They also offer tips for preventing misconfigurations in their AWS environments.
Nath explains that as more data is migrated to the cloud, the risk of cyber attacks on AWS’ S3 buckets has also increased. She referenced our recent survey that found that organizations used cloud identities that, if compromised, would place at least 90% of the S3 buckets in an AWS account at risk. Our research indicates that millions of organizations currently using S3 for data storage are vulnerable to ransomware attacks.
In the end, while fixing misconfigurations takes time and resources, Nash notes that it's imperative for organizations to act now. While fixing infrastructure misconfigurations takes an average of 25 days on average, she writes, "the most critical portions of the infrastructure often take the most time to fix. Fixing misconfigurations in load-balancing services, for instance, takes an average of 149 days to fix."
Taking all of this into consideration, Nath posits that organizations must take immediate steps to discover misconfigurations in cloud native environments, prioritize remediation efforts, and educate their workforce on cloud security practices.
