Top four public cloud security threats

Read time 2min 10sec
Check Point's 2019 Security Report was released at the CPX360 event in Vienna yesterday.
Check Point's 2019 Security Report was released at the CPX360 event in Vienna yesterday.

Cloud and mobile are the weakest links in IT security, according to Check Point Software Technologies.

This is one of the key takeaways from the company's 2019 Security Report released at its CPX360 event, hosted this week in Vienna, Austria.

According to Check Point's research, 18% of organisations globally had a cloud security incident in the past year, with the most common incidents being data leaks or breaches, account hijacks, and malware infections.

Maya Horowitz, director of Threat Intelligence & Research, and Orli Gan, head of Threat Prevention Product, revealed the top four public cloud security threats: misconfiguration of cloud platforms, leading to data loss or breaches (62%); unauthorised access to cloud resources (55%); insecure interfaces and APIs (50%); and hijacking of accounts or data traffic (47%).

In addition, 30% of IT professionals still consider security to be the sole responsibility of the cloud service provider, and 59% of these professionals do not use mobile threat defences.

"Only 9% of IT professionals consider threats on mobile a significant security risk," Gan said. "Yet malware can propagate from unprotected mobile devices to organisations' cloud or on-premise networks, exploiting this weak link in enterprise security defences."

The biggest threats to mobile users, she said, were mobile malware, fake or malicious apps, man-in-the middle attacks and system vulnerabilities.

An arms race

Yaniv Balmas, group manager of Security Research at Check Point, described the security scenario surrounding cloud migration and mobile as 'an arms race', with tech vendors, service providers and end-users at a disadvantage.

"They have to deal with regulation, have to understand the touch points in the system and how everything fits together. Meanwhile, the attackers are far more agile and just waiting to see what they can exploit," he said.

As to whose responsibility it is to maintain, sustain and reinforce security around cloud and mobile services, Balmas believes this should be shared.

"Vendors can really help businesses by consulting with them on the best solutions for their business requirements...again, it's a double-edged sword; while companies are aware they need to migrate to the cloud, they feel rushed to do so and user education is what suffers."

See also