Organizations average 145 hours to resolve security issues
Researchers found policy and vulnerability oversight is behind unnecessary weakness and delays across cloud environments
An industry-wide survey has highlighted ‘inadequate’ security response times and vulnerability management, with companies taking 145 hours on average to respond to security alerts.
In addition to the slow overall average, 60% of surveyed organizations were found to take longer than four days to resolve security alerts, and 80% of alerts were triggered by just 5% of security rules.
Researchers at Palo Alto Networks' Unit 42 analyzed the cloud environments of more than 1,300 organizations over the past 12 months for its report.
The researchers noted that speed is necessary when it comes to fixing vulnerabilities and misconfigurations, as threat actors move quickly to exploit new attack surfaces.
Previous research by Unit 42 showed that 80% of ‘honeypot infrastructure’, purposefully exposed cloud services intended to draw threat actors for attack analysis, was compromised within 24 hours of going online, with the rest taking less than a week.
The report showed that a large number of alerts could be prevented if organizations focused on following a few common policies more closely.
These included the enforcement of multi-factor authentication (MFA) and firewall rules. On MFA, the report found that 76% of organizations don’t enforce MFA for console users, and 58% don’t enforce it for admin users.
This opens firms up to brute-force attacks, one of the top password-cracking techniques used by hackers, which were found to be used against 43% of the participants’ cloud consoles.
“The dynamic nature of cloud technology – with feature updates in public cloud services, new attack methods, and the widespread use of open source code – is now driving awareness of the risks inherent to modern, cloud-native development,” said Ankur Shah, SVP of Prisma Cloud at Palo Alto Networks.
“The more organizations that adopt cloud-native technologies, the higher the number of cloud-native applications becomes. The popularity and complexity of the technology then expands the attack surface with vulnerabilities and misconfigurations for cybercriminals to exploit.”
The report also found that nearly two-thirds (63%) of source code repositories observed within production environments contained high or critical-severity vulnerabilities, and that over half of these were at least two years old.
Researchers linked the prominent use of open source software to an increased need for vulnerability vigilance on the part of organizations.
They also looked at the four most common web application vulnerabilities, comprising cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF) and directory traversal.
All four were found to have grown 1.9 times faster than average in 2021. XSS alone has more than tripled in frequency in the past decade, and results indicated that SQL injection was also undergoing a sharp rise across the surveyed period.
In terms of specific vulnerabilities, Log4Shell (CVE-2021-44228) and Spring4Shell (CVE-2022-22965) were the two most-exploited by threat actors in 2022. Despite now being widely known, Log4Shell persists as a threat and was used by Iranian state-sponsored hackers to breach a federal agency in 2022.
Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.