The 2025 State of Cloud Security Report highlights escalating challenges in cloud security, including rising data exposure, vulnerabilities, and attack paths exacerbated by AI adoption. It underscores the importance of managing neglected assets, securing Kubernetes environments, and controlling identity and access to mitigate evolving threats. #OrcaResearchPod #APT29 #Log4Shell #Spring4Shell #KubernetesSecurity #AIvulnerabilities
Key points
- The report follows a structured format with sections including Foreword, About the Orca Research Pod, Executive Summary, Key Findings, and detailed chapters on topics such as AI Security, Attack Paths, Data Exposure, Vulnerabilities, Neglected Assets, Identity & Access, Application Security, Kubernetes, and Recommendations.
- Key statistics reveal that 38% of organizations with sensitive data have exposed databases, 115 average vulnerabilities per cloud asset, and 13% of organizations have assets creating over 1,000 attack paths, illustrating an expanding and interconnected attack surface.
- Multi-cloud adoption is prevalent, with 55% of organizations using multiple cloud providers, and AI is adopted by 84% of organizations though 62% have vulnerable AI packages associated with critical CVEs.
- Vulnerabilities remain a persistent challenge, with 58% of organizations managing vulnerabilities older than 20 years, including exposure to zero-day exploits like Log4Shell and Spring4Shell, often on public-facing assets.
- Neglected assets, defined as unsupported or unpatched systems, make up 32% of cloud assets on average; they are frequently internet-accessible and targeted by advanced persistent threat groups such as APT29.
- Lateral movement risks increased, with 76% of organizations possessing public-facing assets enabling such movement, heightening the chance of privilege escalation and data compromise.
- Secrets exposure is significant: 85% of organizations have plaintext secrets in source code repositories, and 36% of those secrets are still active in the main branch, giving attackers a path to real-time exploitation.
- Infrastructure-as-Code (IaC) and Source Code Management (SCM) misconfigurations persist, with 20% of organizations allowing cross-account IAM role access without MFA and 40% permitting workflows that can bypass code reviews in GitHub Actions.
- Kubernetes adoption has reached 70% and is growing rapidly, but it creates new risks: 30% of organizations have publicly exposed Kubernetes assets and 93% have overprivileged service accounts, increasing the potential for privilege escalation and breach.
- The report stresses the Defender's Paradox: defenders must be right every time, attackers only once. This underlines the need for comprehensive risk detection, prioritization, and remediation strategies in complex, multi-cloud, AI-enabled environments.
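One of the IAM findings above is cross-account role access without MFA. The following check, added here as an illustration and not taken from the report or from Orca's tooling, parses an IAM role trust policy and lists external principals allowed to call `sts:AssumeRole` with no `aws:MultiFactorAuthPresent` condition. The two trust policies and the account IDs are constructed sample data.

```python
import json

# Constructed trust policies (illustrative, not taken from the report): a
# cross-account AssumeRole grant with no MFA condition, and the hardened form.
WEAK_TRUST_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole"}]})

HARDENED_TRUST_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _account_of(principal):
    # "arn:aws:iam::ACCOUNT:root" -> "ACCOUNT"; "*" and non-ARN strings -> None
    parts = principal.split(":")
    return parts[4] if len(parts) > 5 else None


def _requires_mfa(condition):
    # Only a strict Bool condition counts; BoolIfExists still admits callers
    # whose request carries no MFA context key at all.
    flag = (condition or {}).get("Bool", {}).get("aws:MultiFactorAuthPresent")
    return str(flag).lower() == "true"


def cross_account_without_mfa(trust_policy_json, own_account):
    """List AWS principals outside own_account that may assume the role without MFA."""
    findings = []
    for stmt in _as_list(json.loads(trust_policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws_principals = [principal] if isinstance(principal, str) \
            else _as_list(principal.get("AWS", []))
        for p in aws_principals:
            acct = _account_of(p)
            external = p == "*" or (acct is not None and acct != own_account)
            if external and not _requires_mfa(stmt.get("Condition")):
                findings.append(p)
    return findings
```

Run it against each role's trust policy (for example, the output of `aws iam get-role`) with your own account ID to flag roles that need the MFA condition added.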
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)