An industry-wide survey has highlighted ‘inadequate’ security response times and vulnerability management, with companies taking 145 hours on average to respond to security alerts.
In addition to the low overall average, 60% of surveyed organizations were found to take longer than four days to resolve security alerts, and 80% of alerts arose after just 5% of security rules were triggered.
Researchers at Palo Alto Networks' Unit 42 analyzed the cloud environments of more than 1,300 organizations over the past 12 months for its report.
The researchers noted that speed is necessary when it comes to fixing vulnerabilities and misconfigurations, as threat actors move quickly to exploit new attack surfaces.
Previous research by Unit 42 showed that 80% of ‘honeypot infrastructure’, purposefully exposed cloud services intended to draw threat actors for attack analysis, was compromised within 24 hours of going online, with the rest taking less than a week.
The report showed that a large number of alerts could be prevented if organizations focused on following a few common policies more closely.
These included the enforcement of multi-factor authentication (MFA) and firewall rules. On MFA, the report found that 76% of organizations don’t enforce MFA for console users, and 58% don’t enforce them for admin users.
This opens firms up to brute-force attacks, one of the top password-cracking techniques used by hackers, which were found to be used against 43% of the participants’ cloud consoles.
Prioritize Zero Trust for better cloud security
Working together to enable a Zero Trust approach
“The dynamic nature of cloud technology – with feature updates in public cloud services, new attack methods, and the widespread use of open source code – is now driving awareness of the risks inherent to modern, cloud-native development,” said Ankur Shah, SVP of Prisma Cloud at Palo Alto Networks.
“The more organizations that adopt cloud-native technologies, the higher the number of cloud-native applications becomes. The popularity and complexity of the technology then expands the attack surface with vulnerabilities and misconfigurations for cybercriminals to exploit.”
The report also found that nearly two-thirds (63%) of source code repositories observed within production environments contained high or critical-severity vulnerabilities, and that over half of these were at least two years old.
Researchers linked the prominent use of open source software to an increased need for vulnerability vigilance on the part of organizations.
They also looked at the four most common web application vulnerabilities, comprising cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF) and directory traversal.
All four were found to have grown 1.9 times faster than average in 2021. XSS alone has more than tripled in frequency in the past decade, and results indicated that SQL injection was also undergoing a sharp rise across the surveyed period.
In terms of specific vulnerabilities, Log4Shell (CVE-2021-44228) and Spring4Shell (CVE-2022-22965) were the two most-exploited by threat actors in 2022. Despite now being widely known, Log4Shell persists as a threat and was used by Iranian state-sponsored hackers to breach a federal agency in 2022.
