In the early days of the COVID-19 pandemic, there was a rapid uptick in demand for cloud services. Utilizing data pulled from our global array of sensors, our elite cloud threat researchers found a correlation: Organizations globally increased their cloud workloads by more than 20%, leading to an explosion of security incidents. Our research shows that cloud security programs for organizations globally are still in their infancy when it comes to security automation (i.e., DevSecOps and shift left). We concluded that rapid cloud scale and complexity without automated security controls embedded across the entire development pipeline are a toxic combination.
Matthew Chiodi Organizations expanded their cloud workload deployments following the onset of the pandemic, but they also saw more cloud security incidents. Such incidents in the retail, manufacturing and government industries rose by 402%, 230% and 205%, respectively. These industries were among those facing the greatest pressures to adapt and scale in the face of the pandemic – retailers for basic necessities, and manufacturing and government for COVID-19 supplies and aid.
Why it Matters: Organizations were able to quickly move more workloads to the cloud in response to the COVID-19 global pandemic, but they struggled many months later to automate cloud security and mitigate cloud risks. Our research indicates that cloud security incidents increased by an astounding 188% in the second quarter of 2020 (April to June).
Why it Matters: Unit 42 research revealed significant increases in a wide variety of security risks during the pandemic, including unencrypted cloud data, exposure of cloud resources to public access, insecure port configurations and more. Taken as a whole, these incidents underscore the failure of most organizations to scale cloud governance and security automation at the same rate that they scaled their cloud workloads.
Why it Matters: While they stored more data in the cloud, many organizations failed to enforce proper security controls over that data. Our research indicates that 35% of businesses globally permitted their cloud storage resources – many of which contain sensitive data – to be publicly accessible from the internet. While this may be necessary in some cases, it is likely that it usually results from oversights that remain undetected due to a lack of security monitoring and auditing.
Why it Matters: Unit 42 researchers noted clear correlations between public cloud cryptojacking activity associated with Monero (XMR), a cryptocurrency that can be mined in the cloud, and events related to the pandemic. Mining connections fluctuated in response to pandemic-related health, political and economic developments.
The key takeaway from our data is clear: Organizations have neglected to invest in the cloud governance and automated security controls necessary to protect their workloads as they move to the cloud. In turn, they have created serious business risks, such as exposing sensitive data to the internet and inviting breaches through sensitive open ports. While our Unit 42® Cloud Threat Reports in 2020 identified similar problems, the numerous crises unleashed by the COVID-19 pandemic have made the situation more widespread and challenging.
