Companies prioritise convenience and speed over security

Report exposes slow shift-left adoption, rampant identity management risk, and cautious AI rollout across enterprises.

  • Thursday, 8th February 2024 Posted 1 year ago in by Phil Alsop

Sysdig has revealed findings from its “2024 Cloud-Native Security and Usage Report.” Looking at real-world data, the seventh annual report details the dangerous practice of putting convenience before preventive security in pursuit of faster application development. This report comes on the heels of significant infrastructure breaches across well-known organizations and the recently updated Securities and Exchange Commission (SEC) cybersecurity and disclosure rules.

Derived from an analysis of millions of containers and thousands of cloud accounts, users, and roles, the “2024 Cloud-Native Security and Usage Report” explores how companies of all sizes and industries across the globe are using and securing cloud and containerized environments. Meet the researchers behind the report.

Report Highlights

69% of enterprises have yet to embed AI into their cloud environments: While 31% of companies have integrated AI frameworks and packages, only 15% of these integrations are used for generative AI tools such as large language models (LLMs). Considering the risk acceptance described in this year’s report, organizations are ignoring security best practices, yet they are cautious when it comes to implementing AI into their enterprise environments.

91% of runtime scans fail: In shift-left security, organizations scan early and often during the development phase, recognizing failed builds, correcting the code, and then redeploying. The goal is to catch issues before delivery, and before they become exploitable conditions for attackers. However, with 91% of runtime scans failing, teams appear to be relying more on threat detection than prevention.

Only 2% of granted permissions are being used: Identity management – for both humans and machines – has become the most overlooked cloud attack risk and opportunity for companies to improve their security posture, especially in light of well-known 2023 attacks that took advantage of overly permissive identities. In last year’s report, Sysdig saw 90% of permissions going unused, showing that this trend has worsened year over year.

Shorter container lifespans are not stopping attackers: The homogenous nature of cloud environments and attackers’ usage of automation for discovery and reconnaissance gives them a near-instant understanding of cloud environments and their opportunities to move laterally. Running vulnerable workloads, no matter how short-lived, leaves organizations at risk for attacks.

“Attackers are leveraging automation to exploit every point of weakness they can uncover,” said Crystal Morin, Cybersecurity Strategist at Sysdig. “This year’s report shows that many companies are chasing faster innovation at the cost of more comprehensive security – a gamble that poses real business risks.”

“Though I am unsurprised by the apprehension around the security of new technologies like AI, I am disheartened by the massive number of excessive permissions being administered, especially for machine identities. It feels a bit like obsessing over a plane crash while regularly running stop signs with no seatbelt on,” said Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig.

AI 'empowers' CFOs

Posted 8 hours ago by Phil Alsop
Half (48%) of UK CFOs have been given additional responsibilities outside of their remit including in sustainability, cybersecurity, and HR. 76% of...
Tech leaders report security solutions not delivering value for money with tools going unused.
Despite economic headwinds, tighter AI regulations, Trump-era tariff policies, and escalating global trade tensions, the AI industry continues to...

AI data leaks impact 68% of organisations

Posted 2 days ago by Phil Alsop
Metomic surveyed over 400 security leaders from the U.S. and UK and found that more than half confirmed their organization regularly experienced...
60 per cent of business leaders are unsure about their organisation’s readiness for data and AI, signalling a critical obstacle to progress at a...
71% of executives report AI-driven productivity gains; only 22% of analysts agree.

Cyber threats continue to evolve

Posted 2 days ago by Phil Alsop
Veeam research highlights alarming recovery rates and emphasizes the urgent need for robust data resilience strategies.
As cybersecurity challenges intensify, AI will fuel Security Operations Center (SOC) advancements and empower human analysts to improve defense and...