In recent news, it has been reported that a staggering 86% of organizations experienced a security incident in their cloud native environment within the last year, as revealed by Venafi. This significant statistic sheds light on the growing risks and vulnerabilities present in modern application environments.
The repercussions of these security incidents are severe, with 53% of organizations having to delay application launches or slow down production time. Furthermore, 45% suffered outages or disruptions to their application services, while 30% reported that attackers could potentially gain unauthorized access to data, networks, and systems. These alarming numbers highlight the urgent need for enhanced security measures in cloud native environments.
One of the key points of concern raised by security leaders is the increasing threat to machine identities, specifically access tokens and their connected service accounts. A survey showed that 56% of organizations experienced a security incident related to machine identities in the past year, indicating a growing trend in targeted attacks on these credentials.
Additionally, 77% of security leaders expressed their belief that AI poisoning could become the new software supply chain attack, posing a significant threat to cybersecurity. Despite awareness of the dangers of supply chain attacks, 61% of respondents noted a decrease in focus on supply chain security by senior management in the past year, raising concerns about overall security preparedness.
A prevailing issue highlighted in the survey is the ongoing conflict between security professionals and developers, with 68% of security leaders believing that these two groups will always be at odds. Over half of respondents (54%) expressed frustration at the challenges of promoting a security-first mindset among developers, pointing to a persistent struggle in achieving alignment between security and development teams.
In response to the growing threats faced by cloud native environments, Kevin Bocek, Chief Innovation Officer at Venafi, emphasized the urgent need for enhanced security measures. Bocek warned that cybercriminals are actively targeting cloud native infrastructure, deploying AI and exploiting machine identities to gain unauthorized access on a large scale. The volume, variety, and velocity of machine identities present an attractive target for attackers, posing a significant risk to organizational security.
Furthermore, concerns were raised about the increasing pressure on cloud native security, with attackers targeting these environments to compromise AI models and applications. Issues such as AI poisoning, model theft, AI-led social engineering, and provenance in the AI supply chain were cited as major areas of concern among security leaders.
The complexity of cloud native environments was identified as a contributing factor to the high incidence of security incidents related to machine identities. The growing challenges in managing and securing machine identities, such as access tokens and certificates, underscore the need for proactive security measures to mitigate risks effectively.
Overall, the survey findings emphasize the critical importance of prioritizing machine identity security in cloud native technologies. Security teams are urged to invest in automated, end-to-end machine identity security programs to enhance cloud native security, ensure operational stability, and support business growth in an increasingly risky cybersecurity landscape.