Palo Alto Networks: Organizations take six days on average to resolve a security alert
Palo Alto Networks, the global cybersecurity leader, today released the Unit 42 Cloud Threat Report, Volume 7. It looks at data collected over the past 12 months and provides a wide-angle view of the status of common misalignments that leave the door open to malicious activity.
Unit 42 looked at more than 1,300 organizations to create this report and analyzed the workloads in 210,000 cloud accounts/subscriptions/projects across all major Cloud Service Providers (CSPs). With the rate of cloud migration showing no sign of slowing down (from $370 billion in 2021 and predicted to reach $830 billion in 2025), threat actors are looking to exploit common issues in the cloud, including misconfigurations, weak credentials, lack of authentication, unpatched vulnerabilities, and malicious open source software packages.
Key findings from the report include:
- On average, security teams take 145 hours (approximately six days) to resolve a security alert, with 60% of organizations taking longer than four days to resolve security issues.
- 80% of the alerts are triggered by just 5% of security rules in most organizations' cloud environments.
- 63% of the codebases in production have unpatched vulnerabilities rated high or critical on the Common Vulnerability Scoring System (CVSS ≥ 7.0).
- 76% of organizations don’t enforce Multifactor Authentication (MFA) for console users, while 58% don’t enforce MFA for root/admin users.
- Sensitive data, such as personally identifiable information, financial records, or intellectual property, is found in 66% of storage buckets and 63% of publicly exposed storage buckets.
- 51% of codebases depend on more than 100 open-source packages. However, developers directly import only 23% of the packages.
Organizations should expect the cloud-native attack surface to expand as threat actors find new ways to target cloud infrastructure misconfigurations, application programming interfaces (APIs), and software supply chains. Steven Scheurmann, Regional Vice President, ASEAN, at Palo Alto Networks, shared that cloud-ready security measures such as the Zero Trust approach must be implemented to help businesses identify and neutralize threats in real time.
"As cloud usage increases in the Philippines and around the world, threat actors take advantage of undiscovered weaknesses and vulnerabilities in this technology to attack organizations." With an average of 145 hours for teams to resolve a security alert, these malicious attackers have enough time to compromise the shared software supply chain and ambush large numbers of victims simultaneously. Therefore, it is important to contain these threats from the very start by eliminating implicit trust and continuously verifying access at every stage to mitigate the impact of threats.