Executive Summary
In the middle of 2021, as the working world for knowledge workers seems to be returning to normal, Rapid7 researchers took a look at 121 publicly reported data exposure incidents that were disclosed in 2020 to see if we could find some common causes and circumstances among them.
As a result of this research, we found that:
• The most common type of exposure reported was insufficiently protected Amazon Simple Storage Service (S3) buckets and Elasticsearch databases, which account for 45% of all reported exposures in 2020.
• Of the 121 published incidents, 15 industries were represented among the affected organizations, with Information, Entertainment, Professional, and (perhaps most worryingly) Healthcare being the most represented in the data set.
• An array of 14 information types (including 'other') were reported exposed; most notably, datasets concerning credentials (usernames and passwords), personal financial information, and personal health information were among the reported incidents.
• Through 2020, we saw an average of about 10 incidents a month reported, and a preponderance of these incidents (62%) were discovered by independent researchers (rather than criminal attackers). Notably, 35% of the total incidents were sourced from only two specific individual researchers.
For more detail on the corpus of reported events, please see Appendix A.
Despite the promises of power and productivity, moving business processes and mission-critical data to the cloud can be perilous if one overlooks key safety and resilience configurations and controls.
When those misconfiguration missteps occur, data can be exposed, leaving organizations with the unpleasant tasks of breach response, not to mention the regulatory and legal consequences if that data is personally identifiable information, sensitive health information, or other specially sensitive categories of data.
