Credentials and Misconfigurations Behind Most Cloud Breaches, Says AWS

New AWS report data reveals the top four security failure points in the cloud, including vulnerability exploitation (24%) and compromised credentials (20%). Learn why simple operational errors and human factors are the main cause of data breaches across cloud systems.

Businesses are rapidly moving into the public cloud, a change confirmed by the “Building Cloud Trust” report from Amazon Web Services (AWS) and UK-based research firm Vanson Bourne. This report is based on a survey of 2,800 technology and security firms across 13 countries conducted during September and October.

The findings show that while the public cloud is now central to how organisations operate, given its agility, they are simultaneously facing unexpected threats that demand continuous caution.

****Cloud is the New Standard****

The trend shows companies are no longer debating if they should use the cloud, but focusing on how fast. Almost all organisations (99%) are already building applications in the cloud. The use of older, on-premises systems is shrinking.

For example, the share of customer-facing applications running on-premises is predicted to drop from 51% to 40% in the next year, while the cloud share jumps from 70% to 77%. Organisations in the Asia Pacific (APJ) region are the most cloud-active, with 74% building internal applications there.

****Barriers Persist Despite Confidence****

Despite high confidence in the cloud’s capabilities, the top concern holding back adoption is increased cybersecurity and privacy issues, worrying 40% of businesses, the survey finds. Integration challenges with existing older systems are a concern for 38%, reflecting the complex path of connecting years-old systems with new cloud technology.

Vanson Bourne

In their report (PDF), researchers noted that approximately eight out of ten organisations reported a data breach in the past year, whether on-premises (78%) or in the public cloud (79%). This near-equal rate confirms that human factors also play a consistent role, as breaches typically happen because systems are too complex to manage correctly. The most common security-related issues identified are:

• Physical Theft (19% cloud / 14% on-premises).

• Misconfiguration (16% cloud / 11% on-premises).

• Vulnerability Exploitation (24% cloud / 20% on-premises).

• Compromised Credentials (20% cloud / 19% on-premises).

Security concerns also vary by industry. While Financial Services organisations are the least worried (34%), they are more focused than others on the cost of a provider’s security features versus the value they receive.

The consequences of these attacks are significant, as around a third of organisations surveyed reported operational downtime (35% on-premises / 31% cloud), brand or reputational damage (31% in both), and loss of sensitive data (31% on-premises / 30% cloud).

Vanson Bourne

****New Attacker Tricks****

Adding to this concern, the Darktrace 2024 Annual Threat Report revealed how attackers are increasingly using stolen credentials to gain initial access by abusing remote network access solutions like VPNs and VDI.

AiTM (Adversary-in-the-Middle) phishing emerged as a popular technique, which allows criminals to bypass multi-factor security checks (MFA) on cloud accounts. Once inside, stealing data remains a common goal, used in both financial extortion (like the RansomHub attacks) and state-linked espionage operations.

They prefer using a technique called Living-off-the-Land (LOTL) (abusing legitimate tools, processes, and software) to operate undetected and are also intensifying the exploitation of weaknesses in perimeter devices, such as Ivanti, Fortinet, and Palo Alto Networks firewall devices.

These reports confirm that while cloud is the crucial path for efficiency, success requires more than just migration; it relies on partnering with reliable cloud providers and constantly addressing operational mistakes and human factors.

As the AWS report concludes, “Confidence in the public cloud is no longer defined only by technical capability; it depends equally on transparency, reliability, and responsible conduct.”

“As the adoption of multi-factor authentication (MFA) continues to grow, human identities will become increasingly difficult for threat actors to target,“ said Elad Luz, Head of Research at Oasis Security.

“Consequently, we anticipate that attackers will shift more of their focus to non-human identities, which are often secured by only a single factor and therefore present an easier target for criminals to steal users’ credentials.“