By Arthur Capella.
The dependence on data and technology in general means that organizations face the constant challenge of improving the security level of their environments and infrastructures. According to the Tenable Cloud Risk Report 2024 study, 74% of organizations make their storage assets public, including those containing sensitive data.
This level of exposure is a risk that goes beyond a simple operational error and represents a critical vulnerability that can be exploited by cybercriminals, particularly in ransomware attacks.
The main reason for this exposure is, in most cases, related to granting unnecessary or excessive permissions. In an effort to streamline operations and facilitate the flow of information, many companies are beginning to implement lenient policies that inadvertently leave sensitive files and data publicly accessible. This means that a confidential financial report or customer list can be accessed not only by employees but also by hackers.
When storage assets become publicly available on poorly configured cloud servers or poorly managed data stores, they become an easy target for cybercriminals. All an attacker needs to do is discover these vulnerabilities to launch an attack. Ransomware is one of the most popular methods of exploiting these flaws; because it not only blocks the criminal from accessing the company’s own data, but also threatens to publish that data unless a ransom is paid.
Ransomware, already one of the biggest threats in the cybersecurity scenario, becomes even more devastating when it finds open doors through public disclosure of assets. In addition to disrupting core operations, the attack can cause significant financial losses due to both business disruption and the cost of paying ransom.
But the impact isn’t just limited to finances. Apart from the possible legal repercussions, especially in industries where data protection is regulated by laws such as GDPR or LGPD, there is also an increase in distrust on the part of customers, partners and the market in general.
Often companies exposed to ransomware attacks cannot fully recover their data even after paying the ransom. Therefore, in addition to direct loss, the company may also face long-term consequences such as damage to its reputation and loss of competitiveness in the market.
With nearly three out of every four assets publicly available, it is attractive to cybercriminals and is a significant risk that can have devastating consequences for an organization. Proactive management becomes essential.
Adopting privilege policies, regular audits, and the use of encryption can significantly reduce the attack surface and protect the company against today’s threats.
****
General Manager of Tenable in Brazil since June 2019. Capella, who has more than 20 years of experience in the cybersecurity industry, was responsible for opening and managing Palo Alto Networks in Brazil and previously operating IronPort in the country. He also held management and business development roles at IBM, Xerox and Embratel. The manager holds a Business Administration degree from UFRJ and an MBA in Marketing and Strategies from the same institution.
Source: Tec Mundo
I am a passionate and hardworking journalist with an eye for detail. I specialize in the field of news reporting, and have been writing for Gadget Onus, a renowned online news site, since 2019. As the author of their Hot News section, I’m proud to be at the forefront of today’s headlines and current affairs.