Cloud misconfigurations expose over 33 billion records in two years
There's a growing trend towards data breaches caused by cloud misconfigurations, leading to 33.4 billion records being exposed in breaches in 2018 and 2019, amounting to nearly $5 trillion in costs to enterprises globally, according to a new report.
The study from cloud security and compliance specialist DivvyCloud finds the number of records exposed by misconfigurations rose by 80 percent from 2018 to 2019 and this trend is expected to persist.
"Data breaches caused by cloud misconfigurations have been dominating news headlines in recent years, and the vast majority of these incidents are avoidable," says Brian Johnson, chief executive officer and co-founder of DivvyCloud. "We know that more and more companies are adopting public cloud quickly because they need its speed and agility to be competitive and innovative in today’s fast-paced business landscape. The problem is, many of these companies are failing to adopt a holistic approach to security, which opens them up to undue risk. Secure cloud configuration must be a dynamic and continuous process, and it must include automated remediation."
Tech companies suffered the most data breaches at 41 percent, followed by healthcare at 20 percent, and government at 10 percent; hospitality, finance, retail, education, and business services all came in at under 10 percent each.
Elasticsearch misconfigurations made up 20 percent of all breaches, but these incidents accounted for 44 percent of all records exposed. S3 bucket misconfigurations accounted for 16 percent of all breaches, however, there were 45 percent fewer misconfigured S3 servers in 2019 compared to 2018. MongoDB misconfigurations were 12 percent of all incidents, and the number of misconfigured MongoDB instances nearly doubled year-on-year.
The full report is available from the DivvyCloud site.