Could CTEM have prevented the Oracle Cloud breach?

by Editorial Team
October 5, 2025
in Cybersecurity

Possibly the biggest supply chain breach of 2025 involved over 140,000 compromised Oracle cloud tenants, which exposed more than 6 million records, with attackers maintaining access for months before discovery. The Oracle Cloud breach is one of the largest incidents against a major cloud provider ever, which explains why the company was reluctant to admit that it even happened.

The attack originated from an unmonitored, legacy Oracle Access Manager (OAM) server, which was exposed to CVE-2021-35587, a vulnerability in the authentication component that allowed remote attackers to bypass access controls and gain unauthorized entry.

The fact that this vulnerable server setup was allowed to remain active in one of the world’s largest cloud providers shows that security has become too reliant on reactive modes of defense. For that reason, Gartner is urging organizations to adopt Continuous Threat Exposure Management (CTEM), a proactive framework designed to continuously identify, assess, and remediate exposures before attackers can exploit them.

Here is how CTEM might have prevented the Oracle Cloud breach and saved thousands of companies from dealing with costly remediation bills and long-term reputational damage.

The value of continuous threat discovery

The vulnerability associated with the attack (CVE-2021-35587) was publicly disclosed in 2021. It has a published CVSS score, detailed exploit information, and detection signatures. Yet it is possible that the vulnerable OAM server remained undetected for up to four years.

Most commercial vulnerability scanners, such as Qualys, Nessus, or Rapid7, include plugins to identify unpatched OAM instances exposed to the internet, and would have easily flagged the server as both outdated and critically vulnerable if it had been within the scope of regular scanning.

The problem is that many organizations still rely on traditional vulnerability management that only uses scheduled scans against “known” assets. On the other hand, CTEM emphasizes continuous exposure discovery that extends across the entire attack surface, including shadow IT, legacy systems, and forgotten servers.

With that approach, organizations can flag vulnerable assets in real time and implement security measures before attackers ever find out about them.

Prioritizing vulnerabilities by business impact

After gaining an initial foothold in the OAM server, attackers were able to pivot into Oracle’s identity infrastructure, targeting critical systems like SSO and LDAP. That’s why the consequences of the breach were so severe.

Even if attackers exploit a legacy server, they should never be able to move laterally across the environment, especially not into high-value identity systems.

In a CTEM program, exposures tied to identity infrastructure are always classified as “crown jewel” assets. Ensuring the security of such systems is given priority due to the higher potential for business impact if they are compromised.

At a minimum, segmentation should be in place to separate identity systems from general traffic, along with continuous monitoring to detect abnormal authentication activity.
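The two ideas above, continuous discovery across the whole attack surface and prioritization by business impact rather than by CVSS alone, can be sketched as a small exposure-management routine. The following Python is an added example, not code from the article or from any CTEM product; the asset inventory, the discovered hosts, the second CVE identifier, the CVSS figures and the scoring weights are all constructed for illustration, and a real program would tune them to its own environment.

```python
"""Exposure discovery and crown-jewel prioritization in the CTEM sense.

Added example with constructed data: the inventory, hosts, the placeholder
CVE-0000-0001, the CVSS numbers and the weights are illustrative only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float           # base score, constructed for this example
    exploit_public: bool  # public exploit details exist (the article notes this for CVE-2021-35587)


@dataclass(frozen=True)
class Asset:
    host: str
    service: str
    zone: str             # network zone the host sits in
    internet_facing: bool
    identity_tier: bool   # SSO, LDAP, access managers: "crown jewel" assets in CTEM terms
    findings: tuple


# What scheduled vulnerability scanning "knows about" (constructed).
KNOWN_INVENTORY = frozenset({"web-01", "sso-01", "ldap-01"})

# Result of a continuous, attack-surface-wide discovery pass (constructed).
DISCOVERED = (
    Asset("web-01", "https", "dmz", True, False, (Finding("CVE-0000-0001", 5.3, False),)),
    Asset("sso-01", "sso", "identity", False, True, ()),
    Asset("ldap-01", "ldap", "identity", False, True, ()),
    # A forgotten legacy access manager that never made it into the inventory.
    Asset("oam-legacy-01", "oam", "dmz", True, True, (Finding("CVE-2021-35587", 9.8, True),)),
)

# Constructed network policy: (source zone, destination zone) pairs that are allowed.
ALLOWED_FLOWS = frozenset({("dmz", "app"), ("app", "identity"), ("dmz", "identity")})


def shadow_assets(discovered, known):
    """Assets that discovery found but that the managed inventory does not contain."""
    return [a for a in discovered if a.host not in known]


def exposure_score(asset, known):
    """Rank an asset by likely business impact, not by CVSS alone.

    Weights are illustrative: internet exposure and public exploit details
    raise the score, identity-tier (crown jewel) assets double it, and an
    asset nobody is tracking gets a further uplift because nobody is patching it.
    """
    if not asset.findings:
        return 0.0
    score = max(f.cvss for f in asset.findings)
    if asset.internet_facing:
        score *= 1.5
    if any(f.exploit_public for f in asset.findings):
        score *= 1.5
    if asset.identity_tier:
        score *= 2.0
    if asset.host not in known:
        score *= 1.25
    return score


def prioritize(discovered, known):
    """Remediation queue as (host, score) pairs, highest exposure first."""
    scored = [(a.host, exposure_score(a, known)) for a in discovered]
    return sorted((s for s in scored if s[1] > 0), key=lambda s: s[1], reverse=True)


def segmentation_violations(flows, exposed_zones=frozenset({"dmz"}), identity_zone="identity"):
    """Allowed flows that let an exposed zone reach the identity tier directly.

    The article's minimum bar is that identity systems are separated from
    general traffic; any such flow is a finding in its own right.
    """
    return sorted(f for f in flows if f[0] in exposed_zones and f[1] == identity_zone)


if __name__ == "__main__":
    print("unmanaged:", [a.host for a in shadow_assets(DISCOVERED, KNOWN_INVENTORY)])
    print("queue:", prioritize(DISCOVERED, KNOWN_INVENTORY))
    print("segmentation gaps:", segmentation_violations(ALLOWED_FLOWS))
```

Run as a script, it lists the unmanaged legacy access manager first in the queue, well ahead of the internet-facing web host with a moderate finding, and flags the direct dmz-to-identity flow as the segmentation gap that would let a foothold on such a server reach SSO and LDAP.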

Measuring performance by remediation speed

According to a 2025 Clutch survey, 73% of businesses have experienced a cyber incident, and more than half (55%) were breached within just the past year. What usually separates a contained incident from a catastrophic breach is how quickly an organization can detect and remediate exposures.

The Oracle breach is a great example. Reports suggest attackers maintained persistent access for months before discovery. They had all the time in the world to identify sensitive information, extract it, and ultimately issue extortion demands.

That’s why remediation speed is a core principle in CTEM. The framework calls for organizations to measure and continuously improve Mean Time to Detect (MTTD) and Mean Time to Remediate (MTTR) as critical performance indicators.

This pushes security leaders to implement measures that ensure incidents are identified quickly, and remediated before they cause widespread damage to the business.
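To make MTTD and MTTR concrete as performance indicators, here is an added Python example (not from the article) that computes both from exposure records, breaks them down by month so a team can see whether it is actually improving, and lists exposures that have sat open past a remediation SLA. The records, the timestamps and the 24-hour SLA are constructed for illustration.

```python
"""MTTD / MTTR as CTEM performance indicators.

Added example with constructed records; timestamps are ISO-8601 strings and
a None value for "remediated" means the exposure is still open.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed exposure records: when the exposure came into existence (or became
# exploitable), when it was detected, and when it was remediated.
RECORDS = [
    {"id": "EXP-001", "exposed": "2025-01-01T00:00:00", "detected": "2025-01-02T00:00:00",
     "remediated": "2025-01-02T12:00:00"},
    {"id": "EXP-002", "exposed": "2025-01-05T00:00:00", "detected": "2025-01-08T00:00:00",
     "remediated": "2025-01-10T00:00:00"},
    {"id": "EXP-003", "exposed": "2025-02-01T00:00:00", "detected": "2025-02-01T06:00:00",
     "remediated": "2025-02-01T18:00:00"},
    {"id": "EXP-004", "exposed": "2025-02-10T00:00:00", "detected": "2025-02-10T02:00:00",
     "remediated": None},
]


def _dt(value):
    return datetime.fromisoformat(value) if value else None


def _hours(start, end):
    return (end - start).total_seconds() / 3600


def mttd_hours(records):
    """Mean time from exposure to detection, over records that were detected."""
    deltas = [_hours(_dt(r["exposed"]), _dt(r["detected"])) for r in records if r["detected"]]
    return mean(deltas) if deltas else None


def mttr_hours(records):
    """Mean time from detection to remediation, over records that were closed."""
    deltas = [_hours(_dt(r["detected"]), _dt(r["remediated"]))
              for r in records if r["detected"] and r["remediated"]]
    return mean(deltas) if deltas else None


def by_month(records):
    """(MTTD, MTTR) per detection month; a falling trend is what CTEM asks for."""
    groups = defaultdict(list)
    for r in records:
        if r["detected"]:
            groups[r["detected"][:7]].append(r)
    return {month: (mttd_hours(rs), mttr_hours(rs)) for month, rs in sorted(groups.items())}


def open_past_sla(records, now, sla_hours):
    """Ids of detected-but-unremediated exposures older than the SLA at time `now`."""
    now_dt = _dt(now)
    return [r["id"] for r in records
            if r["detected"] and not r["remediated"]
            and _hours(_dt(r["detected"]), now_dt) > sla_hours]


if __name__ == "__main__":
    print("MTTD (h):", mttd_hours(RECORDS))
    print("MTTR (h):", mttr_hours(RECORDS))
    print("by month:", by_month(RECORDS))
    print("past SLA:", open_past_sla(RECORDS, "2025-02-12T00:00:00", sla_hours=24))
```

The monthly breakdown is the part worth keeping: an overall average hides whether a months-long dwell time like the one reported for the Oracle breach is a one-off or the norm, while a per-period view shows whether detection and remediation are actually getting faster.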

Transparency and communication matter

Visibility is essential in CTEM, and it doesn’t stop at technical exposures. A key principle of the framework is to ensure findings are communicated quickly and clearly across teams and stakeholders, so they can act on them promptly.

What Oracle did was the complete opposite. Internally, unmonitored systems like the OAM server went unnoticed, suggesting gaps in how exposures were tracked and escalated across teams. Externally, Oracle compounded the issue with conflicting statements and public denials, which left customers confused about the scope of the incident and uncertain about what actions to take.

Transparency is what drives trust and speed. Organizations that surface critical findings proactively and are able to communicate them to the relevant teams for remediation (whether internal or external) will stand out as trusted partners in good times and bad.

Conclusion

The Oracle Cloud breach shows that even organizations with the most resources and the latest and greatest security technologies can fall when they lack the right framework. The lesson for others is that how you approach security matters much more than the number of tools or the size of the security budget.

CTEM is the perfect framework to adopt. It shifts the entire security culture from reactive to proactive, and provides much-needed structure when handling incidents or managing exposures.
