Datadog recently published its 2024 State of Cloud Security report, in which it analyzed security posture data from thousands of organizations that use AWS, Azure, or Google Cloud.
Key takeaways:
- Long-lived cloud credentials pose a major security risk to companies, as they never expire and frequently get leaked in source code, container images, build logs, and application artifacts.
- Research shows that most publicly documented cloud incidents are caused by compromised cloud credentials, both from humans (i.e., passwords) and applications.
- Assigning overprivileged permissions to cloud environments can create substantial risks, as any attacker who compromises the workload—for instance, by exploiting an application-level vulnerability—can steal the associated credentials and access the cloud environment.
What’s the lesson here?
While cloud environments are becoming more secure thanks to greater awareness of threats and vulnerabilities among individuals, as well as better enforcement of cloud security protocols among organizations, there are still risks to be aware of—especially as attackers adapt their techniques. What’s your 2025 data security strategy? Start here.
What other topics are trending?
- Internet Archive hacked, data breach impacts 31 million users: The nonprofit organization, known for its “Wayback Machine” initiative, has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
- LastPass warns of fake support centers trying to steal customer data: The popular password manager is the latest victim of an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number.
- US sentences Nigerian to 26 years in prison for stealing millions through phishing: A resident of Leicester, UK, pleaded guilty to wire fraud and aggravated identity theft over the summer. According to court documents, he relied on phishing to compromise the email accounts of real estate businesses and gain access to them. The scheme is estimated to have caused roughly $12 million in losses; however, intended losses are said to have been over $100 million.
The Soapbox: Online conversations you don’t want to miss
Featuring insights from our Co-Founder & CTO, James Ciesielski.
What cool cybersecurity awareness initiatives has your company done?
My take? We take cybersecurity very seriously at Rewind, but we also like to have fun! For Cybersecurity Awareness Month in October, our Trust team held cybersecurity challenges to build awareness all month long. A highlight was the “phish your coworkers” challenge, which gamified our vigilance against the most common causes of security breaches. This encouraged discussions about the importance of being agile when it comes to data protection and disaster recovery planning.
Join the conversation on Reddit.
Schneider Electric was breached by HellCat Ransomware claiming access to their Atlassian Jira system
My take? It was only a matter of time before someone hacked a company’s Jira system. This just goes to show the importance of a robust data security strategy that considers all of your organization’s business-critical SaaS data. Maybe Schneider Electric could have avoided this data disaster by implementing a third-party backup and recovery solution to protect its assets and those of customers.
Join the conversation on X.
Subscribe to Retro for more!
Like what you read? Subscribe to Retro so you don’t miss any of our industry’s top stories and conversations.
Miriam Saslove
Miriam Saslove is a chronically online storyteller based in Montreal. She loves books, concerts, coffee, and helping brands foster engagement and awareness through impactful multi-channel content. Also puns.