Computer Weekly has advised IT users to focus on just three risky behaviours to boost their security protection.
The advice says:
Some 80% of cloud security alerts are triggered by just 5% of security rules. Security teams can substantially improve their resilience by zeroing in on a small set of risky behaviours.
Users of cloud computing resources have a tendency to make the same mistakes repeatedly, with the vast majority – approximately 80% – of alerts seen by security teams triggered by a scant 5% of security rules, according to findings set out in a report compiled by Palo Alto Networks’ Unit 42 research unit.
Analysis of workloads drawn from 210,000 cloud accounts across 1,200 different organisations found that almost every organisation had a small set of risky behaviours that could be frequently observed.
The most regularly seen were unrestricted firewall policies, exposed databases and unenforced multifactor authentication.
The research team also found that it takes 145 hours – around six days – for a security alert to be responded to on average, and that 60% of organisations take longer than four days to resolve a security alert.
By prioritising remediation of these three issues, security teams can not only help their organisations maximise the return on their security investments, but potentially also eliminate many of their day-to-day headaches at a stroke.
Unit 42 said that organisations should expect the attack surface of cloud-native applications to continue to expand going forward, and for threat actors to find “increasingly creative” ways to target them.
Practical tips include putting in place enforced MFA (multifactor authentication) policies and enabling features such as automated alert triage and remediation, control plane audit logs, automated backups and data-at-rest encryption.
Vigilance is vitally important.
Please contact UK Business IT for advice on protecting your IT against threats. Call 01782 264455.