Cloud Security Threats to Watch Out for in 2023: Predictions and Mitigation Strategies

Published 06/29/2023

Written by Ashwin Chaudhary, CEO, Accedere.

As we move forward, cloud computing is expected to become even more universal, and with that comes an increased risk of cyber threats that could compromise sensitive data, systems, and networks. Here are predictions for some of the most significant cloud security threats to watch out for in 2023, along with mitigation strategies that organizations can adopt to protect their cloud environments.

Cloud Data Breaches

According to a survey report by Statista Incorporated with Surfshark, 15 million data records were exposed worldwide due to data breaches in the third quarter of 2022. Compared with the previous quarter, this number grew by 37%. The largest number of exposed data records was discovered in the fourth quarter of 2020: nearly 125 million data sets.

Predictions

Data breaches are one of the most significant threats facing cloud computing today. In 2023, it's predicted that cybercriminals will continue to target the cloud as a means of gaining access to sensitive information. This could include customer data, financial records, and proprietary business intelligence.

Cloud Misconfigurations

Below are a few examples of cloud misconfigurations and statistics.

  1. In February 2022, a misconfiguration in Google Cloud Storage resulted in the exposure of the personal information of over 23 million customers of a sports retailer.
  2. In March 2022, a misconfigured storage bucket in Microsoft Azure led to the leak of financial data and personally identifiable information (PII) of more than 5 million users of a health app.
  3. In April 2022, a misconfiguration in Amazon Web Services (AWS) was responsible for the leak of 533 million Facebook user records.
  4. In May 2022, a cloud misconfiguration at McDonald's exposed employee information, including Social Security numbers and bank account details, of nearly 12,000 workers across North America.

Predictions

Misconfigurations account for a significant share of cloud security incidents. Simple mistakes like failing to properly configure access controls or leaving default passwords in place can leave cloud resources vulnerable to attack. As cloud systems grow more complex, it's predicted that misconfigurations will become an even bigger challenge in 2023.

Cloud Ransomware Attacks

Another Statista report, from May 2023, states that in the first half of 2022 alone there were 236.1 million ransomware attacks worldwide. Between the first and second quarters of 2022, ransomware attacks increased by 18%, from almost 130 million events to roughly 106 million instances globally. Ransomware alone affected 71% of businesses worldwide in 2022, and 62.9% of the victims of ransomware attacks paid the ransom.

Predictions

Ransomware attacks have been increasingly targeting cloud environments over the past few years. In 2023, it's predicted that these attacks will continue to evolve, with hackers leveraging new tactics to infiltrate and encrypt cloud-based data.

Cloud Malware and Botnets

According to CrowdStrike Intelligence, in 2022, cloud exploitation increased by 95% as "cloud-conscious" threat actors increased by almost three times. Access broker ads on the dark web also increased by 112%, and the average eCrime breakout time was 84 minutes.

Predictions

Malware and botnets are a persistent threat to cloud security. In 2023, it's expected that these threats will continue to evolve, with hackers using more sophisticated tactics like fileless malware to evade detection.

Insider Threats

In May 2022, Yahoo’s senior research scientist Qian Sang stole confidential information about Yahoo’s AdLearn product. The compromised data included 570,000 files containing source code, backend architecture information, secret algorithms, and other intellectual property.

In April 2023, Chris McGowan, Principal, Information Security Professional Practices, ISACA. A member of the Massachusetts Air National Guard was arrested by the FBI in connection with the leaking of above top secret and classified documents that have been posted online, US Attorney General Merrick Garland announced.

Predictions

Insider threats remain a top concern for cloud security. In 2023, malicious insiders will likely continue to pose a significant risk to cloud environments.

Mitigation Strategies

Each cloud security threat is listed with its security failure and threat impacts, followed by its mitigation strategies.

Cloud Data Breaches

Security Failure & Threats Impacts:

  • Data Encryption - Cryptographic Failure
  • Access Control - Broken Access Control
  • Monitoring Measures - Security monitoring & logging failure

Mitigation Strategies:

  • Implement a robust data encryption mechanism.
  • Managing access control.
  • Continuously monitoring and reviewing measures.

Cloud Misconfigurations

Security Failure & Threats Impacts:

  • Misconfiguration - Security Misconfiguration
  • Configuration Errors - Unsecure Design

Mitigation Strategies:

  • Adopt a proactive approach of regular configuration reviews.
  • Regular vulnerability checks and configuration reviews should be conducted at a defined interval and as and when required.

Cloud Ransomware Attacks

Security Failure & Threats Impacts:

  • Incident Response - Insufficient Logging & Monitoring
  • Data Disposal issues and Unsecured Data storage.

Mitigation Strategies:

  • Have a comprehensive incident response plan and a CSOC.
  • Implement a robust backup strategy and steps for restoring data with proper testing.

Cloud Malware and Botnets

Security Failure & Threats Impacts:

  • Threat Detection - Vulnerable & Outdated Components

Mitigation Strategies:

  • Implement advanced threat detection and mitigation tools.
  • Build techniques like interactive analysis and machine learning to identify and block threats in real time.

Insider Threats

Security Failure & Threats Impacts:

  • Strict access controls - Broken Access Control
  • Limit privilege - Broken Authentication
  • Monitor user activity - Insecure Deserialization

Mitigation Strategies:

  • Implement strict access controls.
  • Limit privileges based on job functions.
  • Monitor user activity across cloud systems.
  • Conducting regular training and awareness programs can also help employees identify and report suspicious activities.

As we move ahead in 2023, it's clear that cloud security threats will continue to evolve and become even more complex. By adopting a proactive approach to security that includes regular compliance audits (SOC 2, ISO27001, CCM, etc.), vulnerability assessments, pen testing, and robust incident response planning (CSOC), organizations can stay ahead of the curve and protect their cloud environments from cyber threats.


About the Author

Ashwin Chaudhary is the CEO of Accedere. He is a CPA from Colorado, MBA, CITP, CISA, CISM, CGEIT, CRISC, CISSP, CDPSE, CCSK, PMP, ISO27001 LA, ITILv3 certified cybersecurity professional with about 20 years of cybersecurity/privacy and 40 years of industry experience. He has managed many cybersecurity projects covering SOC reporting, ISO audits, VAPT assessments, Privacy, IoT, Governance Risk, and Compliance. For more information, you can visit us at https://accedere.io/.
