A new report has highlighted some of the biggest cybersecurity mistakes coming from businesses, but also offered some advice on how to deal with these threats.
Research from Mandiant for Google Cloud outlined how, during the first three months of 2023, having a weak password or even not having one accounted for more than half (54.8%) of all cloud compromise factors, followed by misconfiguration in second place accounting for 19% and API exposure at 11.9%.
Being that compromised credentials are of greatest concern (a further 7.1% of factors were made up of leaked passwords), Google Cloud shifts the emphasis onto the company to implement stronger identity management guardrails at org level.
Businesses continue to make cybersecurity mistakes
The company also made a note of malicious Android apps that are also targeting employees’ credentials. Without protective measures in place, those issued with business phones may download apps of their own accord.
Google pointed out a common tactic observed whereby threat actors create a seemingly legitimate app in order to gain Play Store approval before updating it to carry a malicious payload.
Companies can take simple action to prevent this by creating application allowlists across their fleet of smartphones and tablets.
While smaller in number, domain and IP compromises were also prevalent in the first quarter of 2023, with remedies including adequate endpoint protection and regular scanning and examination.
Finally, a distinct threat to the telecommunications industry was recorded with breaches affecting T-Mobile, AT&T, and Dish all in the US alone during the first half of 2023. Other cyber, DDoS, and ransomware attacks were also observed, which Google Cloud puts down to threats both from nation-states and other cybercriminals.
As businesses continue their transition to cloud, it’s clear than an enhanced focus on cybersecurity is needed in an era of increased attacks in order to secure sensitive information.
- Check out our roundup of the best cloud storage options around