Sysdig Report Details Scope of Cybersecurity Challenges
A report published today by Sysdig finds that 60% of organizations maintain risky service accounts that have administrator-level access without implementing rotating access keys.
The typical organization has on average anywhere from 152 to potentially as many as 915 users accessing 5,330 to 41,606 cloud service accounts. Most of those end users, however, are assigned to machines that are no longer being used by organizations. In addition, the way Microsoft counts end users also skews the data. Every time an end user logs into a new application that is tied to Entra ID (formerly known as Azure Active Directory), a new Azure user is tallied, so the total number of end users accessing cloud accounts might be slightly lower. Additionally, many of these identities belong to machines that are no longer accessing cloud services.
Crystal Morin, cybersecurity strategist for Sysdig, said those machine identities nevertheless create a level of unnecessary risk if they are discovered and exploited by cybercriminals.
Overall, however, most organizations do a better job securing end user accounts than cloud services, with only 8% not implementing multi-factor authentication (MFA) or rotating access keys. The report also noted that only 17% of the container workloads analyzed had a critical or high vulnerability, and 91% of those had a fix available that had not yet been applied. In general, 74% of containers live for five minutes or less, with 60% living for less than a minute.
The report also notes that the size of the attack surface that needs to be defended has expanded in the age of artificial intelligence (AI). Three quarters (75%) of Sysdig customers are using AI or machine learning (ML) packages in their environments, a share that has more than doubled since last year’s report. In addition, the number of AI/ML packages running in workloads has grown by nearly 500% over the last year. The percentage of generative AI packages has more than doubled in the last year, from 15% to 36%. On the plus side, the report finds that only 13% of AI models are publicly exposed.
In total, Sysdig also analyzed over 272,000 malware hashes to determine the most commonly used Linux malware families over the last year, with Mirai (65,369) far exceeding the next closest Gafgyt family (29,289).
Time is, of course, always of the essence when it comes to thwarting cybersecurity attacks, but unless organizations improve their cybersecurity hygiene, the odds that their incident response capabilities will be put to the test only increase, notes Morin. Most organizations still need to do a better job simply establishing a baseline for the overall size of the attack surface they need to defend, she added.
Hopefully, advances in AI will make it easier to discover vulnerabilities sooner and automatically apply policies to remediate them. In the meantime, cybersecurity teams should assume not only that there are multiple ways to access services that are relatively insecure, but also that the privileges that have been granted to those identities are, unfortunately, trivial to escalate.