To find out if they could discover any causes on why companies keep on exposing their data through misconfigured cloud storage, researchers from Rapid7 examined 121 publicly known data breach cases in 2020, SiliconANGLE reported.
There were 15 industries cited among the affected firms in the 121 breaches, with health care, entertainment, information and professional being the most well-represented. An average of roughly 10 instances per month were recorded last year, with citizen researchers uncovering 62% of those incidents rather than criminal attackers. Only two individual researchers were responsible for 35% of all instances. Datasets containing credentials such as personal financial information, health care information and usernames and passwords were the most exposed data. The average data breach resulted in the exposure of 10 million records, but a single "mega breach" resulted in the exposure of over 20 billion records.
According to the researchers, companies should prioritize the deployment of a new security model that enables continuous enforcement of controls and assures secure configurations of all cloud services to prevent experiencing an incident from such cloud misconfigurations. "Note that this activity is not a 'set it and forget it' task, and all current and new cloud resources should be monitored and have policies enforced continually to avoid even a temporary exposure of these often dynamic environments," they wrote.