Zscaler: Cloud infrastructure is highly vulnerable due to expanded attack surfaces

As per the 2021 "Exposed" report from the cloud security company Zscaler, around 400,000 servers that belongs to 1,500 companies worldwide are exposed and ascertainable over the internet, which means anyone in the world can attempt to access them, not just bad players.

Knowing about the server's existence makes it halfway for the players, who can then explore further around the application stack or server configuration for potential susceptibilities to exploit. For instance, the "Exposed" report discovered that 47% of the supported protocols were obsolete and vulnerable to attack.

Zscaler says the typical organization has an average of 262 servers exposed.

The report found that public cloud providers Amazon Web Services (AWS), Microsoft Azure Cloud, and Google Cloud Platform (GCP) is out for a massive risk of attack surface exposure with more than 60,500 instances, averaging 40 exposures per organization. Public cloud exposure can be predominantly dangerous as many IT security leaders may be uninformed about the scope of cloud infrastructure in use within their organizations. IT leaders should discover the degree of public cloud usage across their organizations and identify mediums to reduce the attack surface.

The hospitality industry, which comprises restaurants, bars, and food service vendors, had the highest exposed servers and public cloud instances on average. The exposure of AWS instances was 2.9 times more often than servers from other cloud providers. The COVID-19 pandemic possibly contributed to the exceeding number of exposed servers as several entrepreneurs had to scramble in a short timeframe to set up online ordering and digital payment systems.

According to Zscaler, the cloud exposure increases as the cloud continues to grow.

For the 2021 "Exposed" Report, Zscaler analyzed 1,500 organizations for the attack surfaces to emphasize and identify attack surface trends affecting businesses of all sizes across all geographies and industries. The time frame of the analysis for this report provided a prima facia at the potential impact on attack surface due to remote work during the global pandemic.