Google produced their first Cloud CISO perspective report providing a forward-thinking view of cloud security with intelligence on emerging threats and actionable recommendations from Google’s security experts.
The Google Cloud Threat Horizons H1 2024 Report provides decision-makers with strategic intelligence about threats to cloud enterprise users, along with cloud- specific research, based on intelligence-derived threat actor trends and expertise from Google Cloud security leaders and practitioners.
Most importantly, the report delivers recommendations on mitigating these risks and improving cloud security posture from Google’s intelligence and security teams, including Google Cloud’s Office of the CISO, Google’s Threat Analysis Group, Mandiant, and various Google Cloud product teams.
Among Google Cloud customers, the report found that credential issues were the most commonly observed security oversight. Even though cloud platforms invest in security, abuse detection, and mitigation, organizations should also monitor their cloud computing resources for suspicious activity.
An interesting notation for the report is the use of weak or non-existent passwords.
Credential abuse resulting in crypto mining remains a persistent issue, with threat actors continuing to exploit weak or nonexistent passwords to gain unauthorized access to cloud instances, while some threat actors are shifting to broader threat objectives.
CyberForce|Q previously discussed in our blog, Top 3 Discoveries From a Penetration Test, the risk of weak passwords. We provided recommendations for implementing a stronger password policy. Check it out!
As more industries and organizations move to the cloud, it will become an ever-more appealing target. Follow this link or copy the URL: https://services.google.com/fh/files/misc/threat_horizons_report_h12024.pdf to receive valuable insights to inform actionable steps to implement proactive security measures.
How can CyberForce|Q services help you address this risk?
Incident Response is a time-based situation and CyberForce|Q can assist with a potential incident in your environment. Our experienced Incident Response Team can be deployed 24x7x365 – reach out to solutions@cyberforceq.com.
Learn more about CyberForce|Q.