Combating the Cyber Risks of Misconfigured Cloud Services

Cloud misconfigurations continue to be one of the biggest threats to cloud email security, according to the National Security Agency (NSA). A 2022 IBM study found that cloud vulnerabilities have grown 28% since the previous year, with a 200% increase in cloud email accounts offered on the dark web within the same timeframe.

With vulnerabilities rising, it is clear that the impact of cloud email security breaches makes proper cloud security more critical than ever. This article will discuss what a cloud misconfiguration is, common cloud misconfiguration types, and how to minimize risks.

What Is The Risk of Cloud Misconfiguration?

A misconfiguration happens when the settings on a cloud-related system, asset, or tool fall short of protecting your network and data. This problem is growing more complicated because many companies use multiple cloud services for email, data storage, collaboration, customer relationship management, and other functions. Common misconfigurations you might experience include internet-exposed storage, failure to set up or update security configurations on common cloud platforms such as Microsoft 365, and the mismanagement of access privileges for data, applications, systems, and services. Microsoft 365 email security gaps must be closed before cybercriminals exploit them and then move across your business’s network from one cloud email service to another, intending to steal data or drop malware ransomware.

Experts say there is a correlation between how misconfigured you are and how susceptible you are to data exfiltration and other attacks. This impact is massive data breach, most of which resulted from a misconfiguration or a lack of the security basics in a cloud email environment over the past year. Multiple studies emphasize this problem, including:

• Verizon’s authoritative Data Breach Investigations Report observed convergence between the human element and system misconfigurations remained just above the 5th percentile. Still, it drove an estimated 13% of overall system breaches, with misconfigured cloud storage instances leading the trend.
• According to one industry estimate, 65% of publicly disclosed security incidents in the cloud resulted from customer misconfigurations.
• Companies aren’t quite as hard on themselves in the CSA's survey. Yet, they still rank security misconfigurations neck-in-neck with “cloud provider issues” as the cause of email security incidents. In some cases, breaches have led to disagreements between cloud email service providers and their customers regarding who was to blame.
• Misconfigurations cost companies nearly $3.18 trillion worldwide in 2019, based on the estimated cost of lost data.

Common Types of Misconfiguration

Overly Permissive Access

A cloud environment is considered overly permissive when too many cloud access permissions are enabled. The environment could include:

• Enabling legacy protocols on the cloud host.
• Enabling communication between private and public resources.
• Exposing external-facing ports.
• Exposing sensitive Application Programming Interfaces (API) without appropriate controls.

Storage Access Misconfigurations

Many times, organizations confuse “authenticated” users with “authorized” users, resulting in granted access to the “authenticated” users. Allowing access to an S3 bucket for all AWS users rather than all authorized users of the application is an example of this confusion. Access to storage buckets should be granted only within the organization. As a result of this misconfiguration, cybercriminals may access the storage and find crucial information like API keys, passwords, and other credentials as they actively scan AWS S3 buckets and public GitHub repositories. 

Unrestricted Inbound and Outbound Ports

When migrating to multi-cloud infrastructure, security teams should know the full range of open ports and restrict them to essential systems, locking down those that are not strictly necessary. Inbound ports pose security concerns, but outbound ports also create vulnerabilities through data exfiltration, lateral movement, and internal network scans, which can result in experiencing business email compromise. Granting access to a server from a public network or even from a network outside your VPN through various modes, such as RDP or SSH, is a common cloud misconfiguration that puts you at risk of data loss and violation.

Unlimited Access to Non-HTTP/HTTPS Ports

You should open the ports you need and block those you don’t need from the internet. Leaving these ports poorly configured provides an easy access point for attackers to exploit or brute-force the authentication. If these ports need to be opened to the internet, ensure the communication is encrypted and the traffic is restricted to specific addresses only.

Disabled or Under-Configured Monitoring and Logging

Logs are helpful if they are continuously monitored to take the appropriate actions. Ensure you have sufficient records for every activity that could lead to email security breaches. Implement automated and targeted alerts based on these logs so that any violation or suspicious activity can be identified and addressed before it results in a breach.

Default Credentials for Systems

Many development teams create default credentials for authentication to simplify the development process. For example, many groups have default credentials that are easy to guess or common knowledge.

Development Settings in the Production Environment

Another common misconfiguration is the use of development settings in production environments. In most cases, the settings and configurations that were suitable for the development environment will not be appropriate for production environments.

Not Following “Safe” Configurations for Third-Party Components

Various third-party libraries, components, and applications are used throughout the development process. Most software vendors will prescribe the best practices for email security or recommend safe implementations that have undergone email security testing. Correctly implementing these practices reduces the risk of email security breaches and increases the liability of these vendors in case a breach occurs.

How Can I Minimize Potential Risks?

Configuration often falls in the hands of the organization; it should not be taken lightly, nor should your business assume that storing data in the cloud alone guarantees safety. Adopting the best practices for email security can strengthen an organization’s cloud email security and prevent their data from being publicly exposed.

The best way to do this is by implementing an intelligent, fully-supported email security software solution that makes email safe for businesses by providing fully-managed, end-to-end control of an organization’s email infrastructure. This strategy should be reliable at detecting and quarantining malicious mail in real-time, ensuring that only safe, legitimate mail reaches the end user. Additionally, it should be seamlessly integrated with Microsoft 365 and Google Workspace to close critical email security gaps by bolstering inadequate native email security defenses.

Adequate email protection is contingent upon defense in depth. This requires that the multiple layers of security work harmoniously to detect and block threats in real-time, building on each other to provide more vital, more resilient protection than these features would individually. When informed by global Threat Intelligence data gathered through Artificial Intelligence (AI), Open-Source Intelligence (OSINT), and Machine Learning (ML), security will constantly learn from and adapt to the threats that challenge it and update its protection to remain ahead of emerging email threats and safeguard against future attacks.  

Innovative, multi-layered email protection should be accompanied by expert ongoing monitoring, maintenance, and support to enhance IT security and prevent advanced and emerging attacks. Admins need complete visibility into the threats targeting their organization and the security of their email via an accessible administrative portal designed to provide the insights required to make informed cybersecurity business decisions and improve the enforcement of company email security policies.

Keep Learning about Combating the Cyber Risks of Misconfigured Cloud Services

Research has found that the misconfiguration of cloud security is one of the leading causes of cyberattacks. Companies must understand how they contribute to the risks, impacts, and potential solutions to keep their organization safe. Maximizing your cloud email security requires solutions that can bolster the integrated security features offered by cloud service providers. The best email security software solution should provide a complete package of features, including advanced threat protection, network intrusion prevention, and fully managed email security services.

• Implementing a comprehensive email security software system can help prevent advanced threats, such as targeted spear phishing emails and malware ransomware.
• Improve your company’s posture to protect against attacks by following best practices for email security.
• Keeping the integrity of your email safe requires securing the cloud with spam filtering and enterprise-grade anti-spam services.
• Get the latest updates on how to stay safe online.