Companies prioritise convenience and speed over security

Report exposes slow shift-left adoption, rampant identity management risk, and cautious AI rollout across enterprises.

  • 10 months ago Posted in

Sysdig has revealed findings from its “2024 Cloud-Native Security and Usage Report.” Looking at real-world data, the seventh annual report details the dangerous practice of putting convenience before preventive security in pursuit of faster application development. This report comes on the heels of significant infrastructure breaches across well-known organizations and the recently updated Securities and Exchange Commission (SEC) cybersecurity and disclosure rules.

Derived from an analysis of millions of containers and thousands of cloud accounts, users, and roles, the “2024 Cloud-Native Security and Usage Report” explores how companies of all sizes and industries across the globe are using and securing cloud and containerized environments. Meet the researchers behind the report.

Report Highlights

69% of enterprises have yet to embed AI into their cloud environments: While 31% of companies have integrated AI frameworks and packages, only 15% of these integrations are used for generative AI tools such as large language models (LLMs). Considering the risk acceptance described in this year’s report, organizations are ignoring security best practices, yet they are cautious when it comes to implementing AI into their enterprise environments.

91% of runtime scans fail: In shift-left security, organizations scan early and often during the development phase, recognizing failed builds, correcting the code, and then redeploying. The goal is to catch issues before delivery, and before they become exploitable conditions for attackers. However, with 91% of runtime scans failing, teams appear to be relying more on threat detection than prevention.

Only 2% of granted permissions are being used: Identity management – for both humans and machines – has become the most overlooked cloud attack risk and opportunity for companies to improve their security posture, especially in light of well-known 2023 attacks that took advantage of overly permissive identities. In last year’s report, Sysdig saw 90% of permissions going unused, showing that this trend has worsened year over year.

Shorter container lifespans are not stopping attackers: The homogenous nature of cloud environments and attackers’ usage of automation for discovery and reconnaissance gives them a near-instant understanding of cloud environments and their opportunities to move laterally. Running vulnerable workloads, no matter how short-lived, leaves organizations at risk for attacks.

“Attackers are leveraging automation to exploit every point of weakness they can uncover,” said Crystal Morin, Cybersecurity Strategist at Sysdig. “This year’s report shows that many companies are chasing faster innovation at the cost of more comprehensive security – a gamble that poses real business risks.”

“Though I am unsurprised by the apprehension around the security of new technologies like AI, I am disheartened by the massive number of excessive permissions being administered, especially for machine identities. It feels a bit like obsessing over a plane crash while regularly running stop signs with no seatbelt on,” said Anna Belak, Director, Office of Cybersecurity Strategy at Sysdig.

Kyndryl and WPP, the creative transformation company, have created a modern, digital workplace...
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the...
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
PagerDuty has released a study that reveals service disruptions remain a critical concern for IT...
NVIDIA continues to dominate the AI hardware market: powering over 2x the enterprise AI deployments...
Skillsoft has released new research exploring organizations’ strategic priorities for 2025 and...
Only 45% of business data is fully utilised in decision-making, while 34% of business leaders state...
Hitachi Vantara survey finds data demands to triple by 2026, highlighting critical role of data...