Staying Ahead of Evolving Cloud Threats: Strategies for CISOs in 2025
Cloud environments have increasingly become prime targets for cybercriminals, which will be a focal point in discussions among experts at the forthcoming security conference in Europe.
Recent studies indicate that nearly half of all data breaches now originate in the cloud, and that roughly 80% of organizations reported a cloud security breach in the past year. This rise tracks the migration of essential applications and data from on-premises systems to cloud infrastructure in pursuit of operational efficiency.
However, many organizations have not updated their security strategies to match, often under the misconception that security has been handed over wholesale to the cloud service provider. Under the shared responsibility model the provider secures the underlying infrastructure, but the customer remains accountable for its own data, identities, workload configuration and access control; it is on the customer side of that line that the attack techniques below operate.
As the threat landscape evolves, cloud-based attacks have become more sophisticated, necessitating that security professionals remain informed about the latest threats and prioritize the protection of their businesses against potential breaches.
How Attackers Are Targeting the Cloud Today
Current insights reveal several primary techniques employed by threat actors to compromise cloud environments.
1. Vulnerability Exploitation
According to Bar Kaduri, Head of Security Research at Orca Security, vulnerability exploitation is the primary attack vector in the cloud. As the number of newly published vulnerabilities rises every year, security teams struggle to keep patching up to date. Kaduri points to a concerning trend: organizations frequently leave publicly accessible assets unpatched, with 81% found to have done so last year.
2. Non-Human Credential Compromise
Non-human credentials such as API keys, OAuth tokens and cloud provider access keys are being compromised at a rising rate. Many of these compromises begin with accidental exposure, typically a credential hard-coded in source and committed to a repository. Threat actors actively scan public code repositories for such mistakes, then use the credentials to reach whatever resources they unlock and exfiltrate data.
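The scanning described above is what defenders should run first, on their own repositories, before an attacker does. The following is an added example, not code from the original article or from Orca Security: a small scanner that reads a git diff (or any file contents), flags tokens with a recognizable fixed format (AWS access key IDs, GitHub personal access tokens, Slack tokens, PEM private-key headers) by regex, and catches format-less secrets such as `SECRET_KEY=...` assignments by pairing a keyword match with a Shannon-entropy threshold so that placeholders are not reported. The sample diff, the `ENTROPY_THRESHOLD` value and the `Finding` record are constructed for the demo; the AWS key and secret are the documented AWS example values, and the GitHub token is a made-up string that merely matches the `ghp_` format.

```python
"""Scan a git diff or file for committed credentials (added example, not from the article)."""
import math
import re
from dataclasses import dataclass

# Fixed-format tokens carry a prefix, so a regex alone is reliable for them.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Format-less secrets: keyword on the left, >=16 plausible secret characters on the right.
GENERIC_ASSIGN = re.compile(
    r"(?i)(secret|token|password|passwd|api[_-]?key)[A-Za-z0-9_]*\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9+/=_\-]{16,})"
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumption chosen for this demo


@dataclass
class Finding:
    line_no: int
    kind: str
    value: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random keys score well above English-like placeholders."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan(text: str) -> list[Finding]:
    """Return findings for every line; removed diff lines ('-') are skipped, added ('+') lines kept."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.startswith("-") and not line.startswith("---"):
            continue  # a credential being removed is not a new exposure
        matched_fixed = False
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append(Finding(line_no, kind, m.group(0)))
                matched_fixed = True
        if matched_fixed:
            continue  # avoid double-reporting a token the fixed patterns already caught
        m = GENERIC_ASSIGN.search(line)
        if m and shannon_entropy(m.group(2)) >= ENTROPY_THRESHOLD:
            findings.append(Finding(line_no, f"high_entropy_{m.group(1).lower()}", m.group(2)))
    return findings


# Constructed sample diff: a placeholder password (should not fire) plus three real-looking keys.
SAMPLE_DIFF = """\
diff --git a/config/app.env b/config/app.env
--- a/config/app.env
+++ b/config/app.env
@@ -1,4 +1,6 @@
 APP_NAME=billing
-DB_PASSWORD=CHANGE_ME_CHANGE_ME
+DB_PASSWORD=CHANGE_ME_CHANGE_ME
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+GITHUB_TOKEN=ghp_abcdefghijklmnopqrstuvwxyz0123456789
 LOG_LEVEL=info
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_DIFF):
        print(f"line {f.line_no}: {f.kind}: {f.value[:8]}...")
```

Run it as a pre-commit hook or in CI on `git diff --cached`; the entropy gate is what keeps `CHANGE_ME_CHANGE_ME` out of the report while still catching the 40-character secret access key, which has no recognizable prefix. Any hit on a real key is a rotate-first, investigate-second event: removing the commit does not revoke the credential.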
3. Exploiting Cloud Misconfigurations
Misconfigurations remain a leading cause of cloud breaches: a single wrong setting can leave data exposed or permit unauthorized access. Cloudflare has reported a surge in attacks against misconfigured systems such as publicly readable S3 buckets and unsecured Kubernetes clusters. Attackers have also turned cloud instances compromised through such misconfigurations into large Distributed Denial of Service (DDoS) botnets.
4. Evolving Social Engineering Campaigns
The proliferation of social engineering attacks has further complicated the security landscape. Phishing, vishing and smishing are now routine, and attackers keep devising tactics to get past multi-factor authentication (MFA) and other controls, such as push-notification fatigue, adversary-in-the-middle phishing pages that relay one-time codes in real time, and help-desk impersonation to get factors reset.
5. Shadow AI
Unauthorized workloads appearing in cloud environments are a newer challenge, accelerated by the rapid adoption of AI. Teams stand up large language models and the model-training pipelines behind them, often without any security vetting, so these workloads and the data they ingest sit outside the controls applied to sanctioned systems.
Best Practices for Cloud Security
To defend against these evolving threats, Chief Information Security Officers (CISOs) should focus on the following best practices:
– Protect Mission-Critical Assets: Maintain a complete inventory of the cloud environment so that the most valuable data and assets are known, isolated from less trusted workloads and adequately protected.
– Secure Non-Human Identities: Enforce strong authentication for every non-human credential, grant each identity only the permissions it needs (least privilege), rotate credentials routinely, and prefer short-lived credentials (for example, workload identity federation) over long-lived static keys wherever the platform supports them.
– Implement Monitoring Practices: Run automated secret scanning over public and internal code repositories, ideally as a pre-commit hook and in CI, and monitor credential usage for anomalies (new source locations, unusual API calls, off-hours activity) to detect a compromised key early.
– Prioritize Vulnerability Management: Take a risk-based approach to patching. Continuously discover and assess vulnerabilities and rank them by exploitability and exposure, with internet-facing assets and known-exploited flaws addressed first.
– Conduct Regular Audits: Regularly assess cloud services against a defined baseline to confirm that security controls are in place and to catch misconfigurations such as public storage buckets and over-privileged roles before attackers do.
– Enhance Employee Awareness and Training: Train all staff on security best practices and on recognizing social engineering tactics, including the MFA-bypass techniques above; this measurably reduces cloud security risk.
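Two of the audit findings mentioned above, a publicly readable bucket and an over-privileged non-human identity, can be detected statically from the policy documents the cloud API returns. The following is an added example, not code from the original article or any vendor it cites: it parses IAM-style policy JSON (the format AWS uses for S3 bucket policies and IAM role policies) and flags Allow statements that are reachable by any principal without a condition that scopes them to a VPC, IP range, account or organization, as well as Allow statements that grant wildcard actions on wildcard resources. The sample policies, the bucket name `example-backups` and the endpoint ID `vpce-1a2b3c4d` are constructed; the account ID `123456789012` is the documented AWS example value. The condition-key list is a deliberate simplification of what a full access analyzer evaluates.

```python
"""Static misconfiguration checks on IAM-style policy JSON (added example, not from the article)."""
import json
from typing import Any

# Condition keys that pin a grant to a network or account boundary. Other keys such as
# aws:SecureTransport only change *how* the public reaches the bucket, not *whether* it can.
RESTRICTING_KEYS = {
    "aws:sourcevpc", "aws:sourcevpce", "aws:sourceip",
    "aws:principalorgid", "aws:principalaccount", "aws:principalarn",
}


def _as_list(v: Any) -> list:
    """Policy grammar allows a scalar or a list in most places; normalize to a list."""
    return v if isinstance(v, list) else [v]


def _principal_is_public(principal: Any) -> bool:
    """Both "Principal": "*" and "Principal": {"AWS": "*"} mean anyone, including anonymous."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _condition_restricts(condition: dict) -> bool:
    """True if any condition block references a key that limits who/where the grant applies."""
    keys = {k.lower() for op in condition.values() if isinstance(op, dict) for k in op}
    return bool(keys & RESTRICTING_KEYS)


def _sid(st: dict, i: int) -> str:
    return st.get("Sid", f"Statement[{i}]")


def find_public_statements(policy: dict) -> list[str]:
    """Sids of Allow statements that any principal can use without a restricting condition."""
    hits = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or not _principal_is_public(st.get("Principal")):
            continue
        if _condition_restricts(st.get("Condition", {}) or {}):
            continue
        hits.append(_sid(st, i))
    return hits


def find_wildcard_grants(policy: dict) -> list[str]:
    """Sids of Allow statements granting '*' or 'service:*' actions on every resource."""
    hits = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions) and "*" in resources:
            hits.append(_sid(st, i))
    return hits


def audit_policy(policy_json: str) -> dict[str, list[str]]:
    """Run both checks on a policy document as returned by the cloud API."""
    policy = json.loads(policy_json)
    return {"public": find_public_statements(policy), "wildcard": find_wildcard_grants(policy)}


# Constructed sample policies: the open bucket beside its hardened form, then two role policies.
OPEN_BUCKET = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-backups/*"}]}"""

HARDENED_BUCKET = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "BackupWriterOnly", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-writer"},
   "Action": ["s3:GetObject", "s3:PutObject"], "Resource": "arn:aws:s3:::example-backups/*"},
  {"Sid": "DenyPlaintext", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
   "Resource": "arn:aws:s3:::example-backups/*",
   "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}"""

VPC_ONLY_BUCKET = """{"Statement": [
  {"Sid": "FromOurEndpoint", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-backups/*",
   "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-1a2b3c4d"}}}]}"""

BROAD_ROLE = """{"Statement": [{"Sid": "AdminForCI", "Effect": "Allow", "Action": "*", "Resource": "*"}]}"""

SCOPED_ROLE = """{"Statement": [{"Sid": "WriteBackups", "Effect": "Allow", "Action": "s3:PutObject",
   "Resource": "arn:aws:s3:::example-backups/*"}]}"""

if __name__ == "__main__":
    for name, doc in [("open", OPEN_BUCKET), ("hardened", HARDENED_BUCKET),
                      ("vpc_only", VPC_ONLY_BUCKET), ("broad_role", BROAD_ROLE),
                      ("scoped_role", SCOPED_ROLE)]:
        print(name, audit_policy(doc))
```

Feed `audit_policy` the output of `aws s3api get-bucket-policy` or `aws iam get-role-policy` from an inventory loop and alert on any non-empty result. A bucket policy is only one layer: S3 Block Public Access settings and legacy bucket ACLs can still expose data, so an audit should check those alongside the policy.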
In summary, cloud security will remain a key discussion topic at security events, with industry leaders sharing vital insights and strategies for navigating the complexities of the current threat landscape.