Companies put convenience and speed above security in app deployments


A new report from cloud security company Sysdig reveals that many businesses are indulging in the dangerous practice of putting convenience before preventive security in pursuit of faster application development.

"Attackers are leveraging automation to exploit every point of weakness they can uncover," says Crystal Morin, cybersecurity strategist at Sysdig. "This year's report shows that many companies are chasing faster innovation at the cost of more comprehensive security -- a gamble that poses real business risks."

While 31 percent of companies have integrated AI frameworks and packages, only 15 percent of these integrations are used for generative AI tools such as large language models (LLMs). So while organizations are ignoring security best practices, they are cautious when it comes to implementing AI in their enterprise environments.

Identity management -- for both humans and machines -- has become the most overlooked cloud attack risk and opportunity for companies to improve their security posture, especially in light of well-known 2023 attacks that took advantage of overly permissive identities. In last year's report, Sysdig saw 90 percent of permissions going unused, showing that this trend has worsened year on year.

"Though I am unsurprised by the apprehension around the security of new technologies like AI, I am disheartened by the massive number of excessive permissions being administered, especially for machine identities. It feels a bit like obsessing over a plane crash while regularly running stop signs with no seatbelt on," says Anna Belak, director, Office of Cybersecurity Strategy at Sysdig.

Among other findings, 91 percent of runtime scans are failing, as teams appear to be relying more on threat detection than prevention. Also, although containers are short-lived -- 70 percent existing for five minutes or less -- cloud attacks are leveraging automation to work quickly and can happen in under 10 minutes.

You can find out more and get the full report on the Sysdig blog.


© 1998-2024 BetaNews, Inc. All Rights Reserved.