The threat landscape changes over time

rakhirhif8963 · Post by **rakhirhif8963** » Thu Feb 06, 2025 4:58 am

Second, it is important to understand how the public cloud fits into the context of the changing threat landscape, as the security fears and concerns we had when the cloud first emerged are different from those we experience today.

At the time, most people were primarily concerned about the security of the cloud itself—its underlying infrastructure and systems. People viewed “shared computing” as a serious risk and were trying to figure out the shared responsibility model created by AWS and subsequent providers.

There have been many high-profile breaches involving public clouds over a decade-plus. But if you dig into the details of these breaches, you’ll find a common theme, and it’s not public cloud infrastructure or general computing. The entry point for attackers was almost always a misconfiguration that opened a security hole that they could drive a truck through. Misconfigured S3 buckets, exposed administrative access to Kubernetes consoles, standard API/application vulnerabilities that could have been blocked by a traditional web application firewall.

These are basic security mistakes that go beyond technology.

And while they remain, the risk associated with identity threats is much higher today.

Indeed, it can be argued that a decade of misconfigurations and failure to patch vulnerabilities has led to the emergence of modern identity threats. With every breach, more credentials are leaked, and every account that ends up on the dark web sets in motion a vast network of attackers whose goal is to hijack accounts to gain access to data and financial resources. Credit cards, bank accounts, payment processors, corporate assets that can be encrypted and held ransom.

To say that personal identity is the biggest denmark mobile database today is not an exaggeration:

A total of 47% of cyber attacks target password credential vulnerabilities using password spraying, credential stuffing, and brute force attacks.
Credential theft is the primary method used by attackers to gain access to a business.
Americans have already reported nearly 560,000 cases of identity theft nationwide in the first half of 2023 , according to the Federal Trade Commission (FTC). That puts the number of identity theft reports on track to exceed 1 million in 2023 — far more than any year before a pandemic since 2001.
The importance of protecting identities and the apparent ease with which attackers can steal them is greatly exacerbated by hybrid IT and the inclusion of multiple public clouds in an enterprise architecture.

According to Strata’s “2023 State of Multi-Cloud Identity” study, managing fragmented applications and user identities across multiple cloud platforms was the top challenge for 67% of CISOs, with only 41% reporting they can enforce consistent access policies. That’s down 25% from last year, meaning life will be easier for attackers looking to compromise credentials to gain entry into the enterprise.