While most organizations have already adopted cloud systems, the volume of attacks grew by 48% last year, with a focus on login credentials
Identity and credentials are the top security risks facing businesses around the world in an increasingly advanced threat landscape. In 2022, while numbers showed that 98% of global organizations had already adopted at least one cloud-based service, there was a 48% increase in attacks against this type of service, with login information being the gold of time.
- 10 years later, the concept of zero trust remains as relevant as ever
- Hybrid Security | The concept combines human analysis and artificial intelligence for greater protection
The data presented by Check Point Research, the threat intelligence division of the cybersecurity firm, shows a path of no return and, in addition, a large attack surface. While in general terms attacks against the cloud are still 17% lower than attempts to intrude internal networks, experts report a change in attacker behavior and the search for access vectors that can lead to intrusions.
Omer Dembinsky, manager of the Data Research Group at Check Point Software, points out that the exploitation rate of the vulnerability is higher in cloud-based environments. The idea, according to him, is that working with known but not yet updated openings in these infrastructures is easier and has a better chance of success; as the cloud becomes the norm, therefore, the trend is for this type of offensive to escalate, setting off a red alert for businesses.
“Most of these vulnerabilities go hand in hand with access rights,” the expert points out. He points to the complexity of the cloud as a determining factor, since it is no longer just human users accessing services, but also machines, APIs, software, providers, partners and other connections; again, there is a large attack surface and more leeway to slide.
Bandit interest only increases as we look at other data, such as a cloud computing market with an estimated $1.5 billion+ in revenue by 2030 or an expectation that, by next year, 80% of medium IT companies will be dedicated to the cloud. To further compound a potential problem, according to Check Point, 76 percent of organizations that have already adopted the technology use multiple environments from different vendors, which increases the complexity of protection.
Zero trust and minimal privileges

Check Point cites visibility, cloud correlation, and intelligent thinking about potential threats and hotspots as the cornerstones of a prevention strategy in this type of scenario. In addition, the appointment is for the adoption of a principle of least privilege (POLP, its acronym in English), part of a zero trust approach considered essential to control identities and minimize damage in the event of an invasion.
“A given user or identity should have only the exact privileges needed to perform their specific tasks; any additional access is useless and risky,” sums up Dembinsky. In addition to periodic and stringent zero-trust authentication, POLP helps ensure there is no lateral movement or unauthorized access, which reduces the possibility of more serious damage.
The security firm also points out an important Achilles heel that, if recognized, helps maintain security: human users cannot keep up with the flow of attacks, their sophistication and other elements, with the necessary speed to become the safety barrier they need to be. And since identity is at the heart of it all, technology has to lend a hand.
The recommendation concerns the use of cloud integration platforms and full visibility of networks and connections, so that the supervision, management and mediation of access controls are effective. Threat intelligence (artificial) comes into play to reduce the number of false positives, but also to detect possible real attacks, based on behaviors and telemetry data that derive, again, from being able to see everything that happens.
Data analytics also ensures the creation of specific best practices for each business segment, as well as the creation of user groups that eliminate the need to separate tasks individually. Above all, for the security enterprise, it is a time of revolution, with the key realization that the old systems of identity management are no longer suited to the new realities, which require modern approaches.
Trending on Canaltech:
- 7 Best Google Drive Alternatives for Cloud Storage
- Uber launches shopping club with discounts for drivers
- MIT develops 3D printed heart that mimics patient anatomy and function
- The 10 most watched series of the week (02/26/2023)
- The satellite with an air pollution detector will help NASA with its studies
- 5 reasons NOT to buy the new Honda Civic Hybrid
Source: Terra

Rose James is a Gossipify movie and series reviewer known for her in-depth analysis and unique perspective on the latest releases. With a background in film studies, she provides engaging and informative reviews, and keeps readers up to date with industry trends and emerging talents.