Lessons from cloud attacks: What’s at stake for organisations in India?

With more organisations moving to hybrid and multi-cloud environments, securing the cloud is becoming a formidable challenge. Cloud complexity — including identity sprawl and layers of policies that often change – makes understanding access risk and permissions extremely difficult.

Over the next 12 months, Indian organisations expressed heightened concerns about cloud-related threats, with 52 per cent specifically worried about cloud attacks from a cyber risk standpoint.

Satisfaction with technology capabilities for securing the cloud stands at only 50 per cent, and more than 30 per cent do not consistently adhere to standard practices in cyber defence. The data comes to us from the 2024 Global Digital Trust Insights published by PricewaterhouseCoopers International

Even large enterprises aren’t exempt from cloud attacks. A notable example occurred in June of 2023 when a popular Japanese automaker revealed that approximately 260,000 customers’ data was exposed online due to a misconfigured cloud environment.

This breach underscores how a misconfiguration, combined with the abundance of both user and service account identities in the cloud, can provide a gateway for cybercriminals. It also emphasises the complexity of identifying cloud-based attacks, involving technologies like Kubernetes and containers, as well as service-based approaches for functions such as databases, networking and virtualisation platforms.

This incident serves as just one among many and imparts valuable lessons for Indian organisations, emphasising the imperative of implementing a robust cloud security program.

Lesson 1: A consolidated view of the cloud is indispensable
Cloud-native applications are not built for deployment on traditional platforms like virtual machines or bare metal. They run on scalable cloud platforms and infrastructure and are designed to be deployed across multiple clouds, exposing organisations to a whole new set of security challenges.

Indian organisations can benefit from adopting cloud-native application protection platforms (CNAPP) to better secure the assets and applications being managed on these platforms.

As they combine multiple discrete tools, CNAPP offers better context, enabling prioritised, actionable intelligence, reducing time-to-remediation and giving organisations a consolidated view of their security posture across all cloud-native risks, vulnerabilities and misconfigurations. Using multiple-point products for cloud security can produce a heavily siloed analysis, restricting an organisation’s ability to derive the right context.

CNAPP solutions eliminate these silos and help achieve greater context and visibility.

Lesson 2: Monitoring and threat detection mustn’t be a complicated process
Most organisations leverage multiple public cloud providers which means they use numerous point tools to help manage security and compliance across their multi-cloud environment.

However, leveraging the built-in tools for each provider does not provide a consolidated view of security posture and this makes understanding and addressing risks more challenging. Even if an organisation relies on a single cloud service provider, consolidating tools may yield minor benefits at the expense of flexibility and resiliency for the business.

However, there is still a significant gap in having accurate and continuous support across the entire attack surface of applications, on-premises assets, identities and entitlements and much more. This adds to an organisation’s overall cyber risk, making monitoring and detecting threats a Sisyphean task.

What organisations need is an all-in-one CNAPP solution, which simplifies and centralises the monitoring, detection, and remediation of potential cloud security threats and vulnerabilities, reducing mean-time-to-remediation (MTTR) and improving overall security.

It offers an ecosystem of intelligence that’s built around all cloud-native applications and security tools, consolidated on a single platform that can provide visibility across multiple hybrid and multi-cloud platforms, offering the contextual view to future-proof cloud security investments.

Lesson 3: DevOps and Security teams need greater collaboration
One of the greatest challenges organisations face when it comes to cloud security is collaboration between development, DevOps, IT and security teams. While DevOps and IT are tasked with speed of delivery, security teams are often consulted at the end of the software development and deployment process, making it difficult to fix vulnerabilities and misconfigurations before they’re already exposed to cybercriminals and other public-facing malicious actors.

Consolidated tools like CNAPP solutions help enhance collaboration between security and DevOps teams by identifying issues earlier in the workflow and alerting the relevant teams in their native development and deployment environments, automating the process while also not forcing those teams to become security experts and having to learn new tools.

When both teams use the same platform to manage security throughout the development lifecycle, security can be integrated into the DevOps process to provide continuous risk management across their entire attack surface, eliminating bottlenecks and increasing time to market.

Lesson 4: Cloud security workload must be reduced when teams are short-staffed
Hiring and retaining cybersecurity talent is now top-of-mind for Indian organisations. Four in ten organisations in India grapple with understaffed cybersecurity teams and the predicament goes beyond mere staffing concerns. A staggering 68 per cent of organisations in the country encounter difficulties in retaining talent within cybersecurity teams, as per ISACA’s global State of Cybersecurity Report for 2023.

As an industry grappling with a major skills gap, the added workload of tackling cloud security adds to cost and complexity. CNAPP solutions provide automated visibility and context, saving time and reducing the overall cost of securing cloud-native applications and workloads.

To remain competitive, organisations must reduce their cloud security workloads and ensure they are in line with their risk appetite and regulatory obligations. No business wants to spend all of its developer time on security tasks.

Successful organisations must increase business productivity by identifying the most critical misconfigurations and prioritising remediation of those that pose the greatest risk.

Securing the cloud is one of the most complicated challenges organisations will face in 2024. With the right CNAPP tools, organisations can make informed risk management decisions across the entire hybrid, multi-cloud attack surface that reduce risk and protect their most critical assets, datasets and intellectual properties.

In the year ahead, organisations must make concerted investments into cloud security solutions to help automate and extend their core cybersecurity functions to prevent attacks before they are successful and reduce overall cyber risk to the entire organisation.

The author is the Chief Security Strategist for Tenable, with expertise in vulnerability management and Cyber Exposure to executives and security professionals around the globe. The author has decades of experience in designing, implementing and managing technical and non-technical security solutions for IT and information security organizations