Security Leaders Say Machine Identities – Such as Access Tokens and Service Accounts – Are Next Big Target for Cyberattack
16 Dezembro 2024 - 11:00AM
Business Wire
New Venafi Research Reveals 86% of
Organizations Had a Cloud Native-Related Security Incident in the
Last Year – Leading to Costly Delays, Outages and Data Breaches
Venafi, a CyberArk (NASDAQ: CYBR) company, today announced the
findings of its latest research report: The Impact of Machine
Identities on the State of Cloud Native Security in 2024. Surveying
800 security and IT decision-makers from large organizations across
the U.S., U.K., France and Germany, this second annual report
examines the top machine identity security trends and challenges
impacting the state of cloud native security today.
This press release features multimedia. View
the full release here:
https://www.businesswire.com/news/home/20241216555147/en/
Infographic: The Impact of Machine
Identities on the State of Cloud Native Security in 2024 (Graphic:
Business Wire)
This year’s findings reveal attackers are compromising cloud
native environments with alarming regularity. 86% of organizations
had a security incident related to their cloud native environment
within the last year. As a result, 53% of organizations had to
delay an application launch or slow down production time; 45%
suffered outages or disruption to their application service; and
30% said attackers could gain unauthorized access to data, networks
and systems.
Other key findings include:
- Service accounts are the next threat frontier: 88% of
security leaders believe machine identities – specifically access
tokens and their connected service accounts – are the next big
target for attackers. Over half (56%) have experienced a security
incident related to machine identities using service accounts in
the last year.
- Supply chain attacks tipped to get an AI makeover: 77%
of security leaders think AI poisoning will be the new software
supply chain attack. A further 84% believe supply chain attacks
remain a clear and present danger. However, a worrying 61% say
senior management has taken its focus off supply chain security in
the last year.
- Security and developer teams continue to clash: 68% of
security leaders believe security professionals and developers will
always be at odds, with 54% feeling they are fighting a losing
battle trying to get developers to have a security-first
mindset.
“The sleeping dragon is now awake: attackers are now actively
exploring cloud native infrastructure,” said Kevin Bocek, Chief
Innovation Officer at Venafi, a CyberArk Company. “A massive wave
of cyberattacks has now hit cloud native infrastructure, impacting
most modern application environments. To make matters worse,
cybercriminals are deploying AI in various ways to gain
unauthorized access and exploiting machine identities using service
accounts on a growing scale. The volume, variety and velocity of
machine identities are becoming an attacker’s dream.”
AI threats loom large on the horizon
Respondents also reported the risk of cloud native security
coming under increasing pressure as attackers target these
environments to compromise AI models and applications:
- 77% are concerned about AI poisoning, whereby AI data
inputs/outputs are manipulated for malicious purposes.
- 75% are worried about model theft.
- 73% are concerned about the use of AI-led social
engineering.
- A further 72% are worried about provenance in the AI supply
chain.
“There is huge potential for AI to transform our world
positively, but it needs to be protected,” Bocek continues.
“Whether it’s an attacker sneaking in and corrupting or even
stealing a model, a cybercriminal impersonating an AI to gain
unauthorized access, or some new form of attack we have not even
thought of, security teams need to be on the front foot. This is
why a kill switch for AI – based on the unique identity of
individual models being trained, deployed and run – is more
critical than ever.”
Machine identity security complexity is growing
The research also provided insights into which areas in cloud
native infrastructure organizations have experienced security
incidents. Machine identities like access tokens used with service
accounts topped the list with 56%, but almost as many (53%)
experienced incidents related to other machine identities, such as
certificates.
Part of the reason these incidents occur with such regularity is
the growing complexity of cloud native environments. This creates
new challenges for security teams around managing and securing the
machine identities that underpin access and authentication in cloud
native environments:
- 74% of security leaders agree that humans are the weakest link
in machine identity security. 83% of teams recognize that failing
to secure machine identities at the workload level renders all
other security obsolete.
- 69% say that delivering secure access between their cloud
native and data center environments is a “nightmare to manage,”
while 89% are experiencing challenges around managing and securing
secrets at scale.
- 83% think having multiple service accounts also creates a lot
of added complexity, but most (91%) agree that service accounts
make it easier to ensure that policies are uniformly defined and
enforced across cloud native environments.
Bocek concludes: “Attackers are increasingly zoning in on
machine identities in cloud native technologies. Security teams
must prioritize machine identity security to the same degree as
human identities. The great news is that secrets management,
certificate lifecycle management (CLM) and cloud native security
are available today. An automated, end-to-end machine identity
security program means businesses can enhance their cloud native
security, ensuring operational stability and business growth.”
To read the full report, please visit
https://venafi.com/lp/cloud-native-security-report-2024/.
Additional Resources:
About Venafi, a CyberArk Company
Venafi, a CyberArk company, offers the most comprehensive
solutions to address critical challenges in PKI, certificate
management and workload identity management. Through centralized
visibility and automation, Venafi helps customers monitor and
secure any machine identity, anywhere, across extended enterprise
networks. As an innovative leader, Venafi solves today’s greatest
machine identity challenges while anticipating those of
tomorrow.
By combining Venafi’s best-in-class machine identity management
with CyberArk’s leading identity security capabilities, these two
category creators together establish the world’s first platform for
end-to-end machine identity security at enterprise scale. To learn
more about CyberArk’s acquisition of Venafi, read the press
release.
For more information about Venafi, visit
https://venafi.com/.
About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in identity
security. Centered on intelligent privilege controls, CyberArk
provides the most comprehensive security offering for any identity
– human or machine – across business applications, distributed
workforces, hybrid cloud environments and throughout the DevOps
lifecycle. The world’s leading organizations trust CyberArk to help
secure their most critical assets. To learn more about CyberArk,
visit https://www.cyberark.com, read the CyberArk blogs or follow
on LinkedIn, X, Facebook or YouTube.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20241216555147/en/
Media Contact Pauline Louie pauline.louie@cyberark.com
(801) 676-6900
CyberArk Software (NASDAQ:CYBR)
Gráfico Histórico do Ativo
De Nov 2024 até Dez 2024
CyberArk Software (NASDAQ:CYBR)
Gráfico Histórico do Ativo
De Dez 2023 até Dez 2024