Here is a rewritten version of the content without changing its meaning, retaining the original length, and keeping proper headings and titles:
In 2024, India detected over 369 million security incidents across 8.44 million endpoints, which translates to 11 new cyber threats emerging every second. With 62% of these threats coming from the cloud, it’s essential to reassess cybersecurity strategies. Traditionally, cyberattacks targeted government agencies and business hubs like Delhi, Mumbai, Bengaluru, and Hyderabad. However, according to the Data Security Council of India, tier-2 cities such as Surat, Jaipur, and Ahmedabad experienced a significant surge in cyberattacks in 2024 due to weaker cybersecurity defenses.
These tier-2 cities are becoming key players in India’s technological and economic landscape, with large organizations establishing R&D centers and global capability hubs. However, inadequate cybersecurity measures have made them attractive targets for attackers, particularly those exploiting misconfigured or poorly protected cloud resources. Nearly half of Indian organizations are located in tier-2 cities, making it crucial for businesses to prioritize robust cloud security strategies to ensure their digital transformation journeys are not derailed by preventable cyber threats.
Unpacking the Cloud Security Challenge in Tier-2 Cities
The surge in Common Vulnerabilities and Exposures (CVEs) often leaves organizations grappling with questions about which vulnerabilities to prioritize and whether to remediate every CVE. However, attempting to address all vulnerabilities is impractical and unsustainable. The widespread adoption of cloud technology has expanded the attack surface, emboldening threat actors with new entry points. Threat intelligence and vulnerability management remain essential, but they fall short of providing a comprehensive view of cyber risk, especially in cloud environments.
A significant blind spot lies in the lack of visibility into cloud assets, leaving organizations unaware of publicly exposed or overly privileged cloud resources. This heightened risk is not due to the cloud itself but how organizations manage and secure the data within it and the users who access it. For tier-2 cities to sustain growth and innovation, organizations must shift their focus from reactive to proactive cloud security measures, gain visibility into their digital environments, and prioritize risk management.
Making Cloud Security a Priority
Identity is the new perimeter for the cloud, where 84% of organizations have unused or longstanding access keys with excessive permissions. These identities are often forgotten, which adversaries target to access sensitive data without drawing attention. Organizations must enforce strict zero-trust policies for identity and access management, implementing just-in-time controls, regular passkey rotations, and strict audits of permissions.
Focus on Vulnerabilities that Pose the Greatest Business Risk
In cloud environments, vulnerabilities arise frequently and faster than the speed of remediation. Tenable’s Cloud Risk Report 2024 found that 80% of cloud workloads were left unpatched for more than a month, even after severe vulnerabilities were discovered. Vulnerability management must become a priority, and organizations should prioritize vulnerabilities that exist on publicly exposed workloads or highly privileged systems.
Safeguard the Cloud from Public Exposure
Poorly configured cloud storage solutions provide easy entry points into an organization’s IT infrastructure, and 74% of organizations have publicly exposed storage assets. These storage buckets often contain sensitive data at risk of theft. Reviewing configurations is the first step, and organizations must implement least-privilege strategies for publicly exposed assets, apply encryption where possible, and adopt tools to flag anomalous behavior.
Stricter controls are crucial in Kubernetes environments, and public access should be restricted through firewall rules or network policies. Role-based access controls should limit container administration and restrict privileges, securing cloud-native applications and protecting the platforms driving digital transformation.
Perfect cybersecurity is unattainable, and mistakes are inevitable. However, resilience lies in how organizations respond. For tier-2 markets, proactive measures are essential to combat rising cyber threats. Cloud systems must prioritize cybersecurity at their core, and a unified approach is needed to combat the "toxic cloud trilogy" of limited visibility, poor coordination, and lack of contextual understanding.
By adopting cloud-native application protection platforms (CNAPPs), organizations can centralize identity, vulnerability, misconfiguration, and data risk management. These platforms empower security teams to visualize risks, prioritize critical vulnerabilities, and take decisive action. Fostering a culture where security evolves alongside cloud adoption enables organizations to minimize cyber risks, paving the way for innovation and growth without the looming threat of attacks.
About the Author
The author is Rajnish Gupta, Managing Director & Country Manager of Tenable India.
Disclaimer
The views expressed are solely of the author and ETCISO does not necessarily subscribe to it. ETCISO shall not be responsible for any damage caused to any person/organization directly or indirectly.
Source Link
