Misconfigured system an emerging threat
It may be hard to think of a misconfigured system as a threat, but it can be the silent killer. To that point, publicly disclosed misconfiguration incidents increased 20 percent year-over-year, a new report found.
While there was a rise in incidents, on the positive side, misconfigurations were not responsible for as many compromised records as the year before. There was a 52 percent decrease in records compromised because of this threat vector, according to the IBM X-Force Threat Intelligence Index 2019.
Misconfigured cloud servers that include publicly accessible cloud storage, unsecured cloud databases, and improperly secured rsync backups, or open Internet connected network area storage devices contributed to the exposure of more than 990 million records in 2018. This represents 43 percent of the more than 2.7 billion compromised records tracked by X-Force research for the year.
While this number is notably lower than the 2 billion records compromised in 2017, the total number of publicly disclosed incidents that were attributed to misconfigured assets still increased 20 percent, year-over-year, the report said.
A 2018 survey indicated that misconfiguration is now the single-biggest risk to cloud security, with 62 percent of surveyed IT and security professionals noting it as a problem, followed by misuse of employee credentials or improper access at 55 percent, and non-secure interfaces at 50 percent.
Misconfigured systems often give attackers access to a plethora of data including email addresses, user names, passwords, credit card and health data, and national identification numbers. In one of the largest incidents in 2018, a major marketing firm leaked 340 million records of personal data including addresses, phone numbers, family structures, and extensive profiling data.
Misconfigured systems could potentially expose internal company communications across a firm’s entire global footprint and even lead to detrimental exposure of intellectual property, trade secrets, and the organization’s strategic plans, the report said.
Leaked login data from misconfigured assets can be used in targeted brute-force attacks where user IDs and passwords are reused across multiple assets and websites, the report said. Exposed data could also be used as part of larger identity theft schemes and to perform fraudulent activity. While most publicly disclosed breaches involving misconfigurations appear to be the result of inadvertent actions, a malicious insider could purposefully expose data and make it appear as an unintentional act.
EU-OSHA’s flagship awareness-raising activity is a pan-European campaign named the Healthy Workplaces Campaign. Under the slogan “Safety and health at work is everyone’s concern. It’s good for you. It’s good for business,” activities in a given cycle cover a specific topic, aimed at spreading the message to workplaces all over Europe and beyond.
In today's dynamic and interdependent world, traditional jobs are losing ground due to the rise of the gig economy. Modern blue and white collar workers now have the opportunity to choose to whom they will give their time, where will they work and under which conditions.