Study reveals that known vulnerabilities, unsecured storage assets and failure to follow best practices are leading to an average cloud attack path of only three steps to reach an organization’s crown jewels
PORTLAND, OR – September 13th, 2022 – Orca Security, the cloud security innovation leader, today released the 2022 State of the Public Cloud Security Report, which provides important insights into the current state of public cloud security and where the most critical security gaps are found. One of the report’s key findings is that the average attack path is only 3 steps away from a crown jewel asset*, which means an attacker only needs to find three connected and exploitable weaknesses in a cloud environment to exfiltrate data or hold an organization to ransom.
The report, compiled by the Orca Research Pod, includes key findings from analyzing cloud workload and configuration data captured from billions of cloud assets on AWS, Azure and Google Cloud scanned by the Orca Cloud Security Platform from January 1st until July 1st, 2022. The report identifies where critical security gaps are still being found and provides recommendations on what steps organizations can take to reduce their attack surface and improve cloud security postures.
“The security of the public cloud not only depends on cloud platforms providing a safe cloud infrastructure, but also very much on the state of an organization’s workloads, configurations and identities in the cloud”, said Avi Shua, CEO and co-founder of Orca Security. “Our latest State of the Public Cloud Security report reveals that there is still much work to be done in this area, from unpatched vulnerabilities and overly permissive identities to storage assets being left wide open. It is important to remember, however, that organizations can never fix all risks in their environment. They simply don’t have the manpower to do this. Instead, organizations should work strategically and ensure that the risks that endanger the organization’s most critical assets are always addressed first”.
Report Key Findings
The Orca Security 2022 State of the Public Cloud Security Report finds that:
About Orca Security
Orca Security is the industry-leading agentless Cloud Security Platform that identifies, prioritizes, and remediates risks. Orca Security connects to your environment in minutes with patent-pending SideScanning technology to provide complete coverage across vulnerabilities, malware, misconfigurations, lateral movement risks, weak and leaked passwords, and overly permissive identities. Founded in 2019, Orca Security is trusted by hundreds of customers globally, including Databricks, Autodesk, NCR, Gannett, and Robinhood. Connect your first account in minutes: https://orca.security or take the free cloud risk assessment.
*A ‘crown jewel’ asset includes sensitive data (such as PII or financials), credentials that allow root access, and other assets identified as business critical.