Cloud native environments have been the target of widespread security incidents, with 86% of organisations reporting disruptions over the past year, claims a new study by Venafi. According to the CyberArk subsidiary, these incidents led to application delays, service outages, and unauthorised access to systems and data, highlighting growing vulnerabilities in cloud infrastructure.
The findings are part of Venafi’s report, “The Impact of Machine Identities on the State of Cloud Native Security in 2024”, which surveyed 800 IT and security decision-makers across the US, UK, France, and Germany. Of the organisations surveyed, 53% reported delays to application launches or slower production timelines, while 45% faced outages or disruptions to application services. Additionally, 30% stated that attackers gained unauthorised access to data, networks, or systems.
“A massive wave of cyberattacks has now hit cloud-native infrastructure, impacting most modern application environments,” said Venafi’s chief innovation officer Kevin Bocek. “To make matters worse, cybercriminals are deploying AI in various ways to gain unauthorised access and exploiting machine identities using service accounts on a growing scale.”
Machine identities identified as a prime target for cyberattacks
Machine identities, particularly access tokens and service accounts, are emerging as a critical focus for cyber attackers. Venafi’s survey found that 88% of security leaders view machine identities as the next major target for attackers. More than half (56%) reported a security incident involving service accounts in the past year.
The management of machine identities remains a challenge for many organisations due to the growing complexity of cloud-native environments. According to the report, 83% of respondents believe failing to secure machine identities at the workload level makes all other security efforts obsolete. Additionally, 74% cited human error as the weakest link in machine identity security, while 69% described delivering secure access between cloud-native and data centre environments as particularly difficult.
The report highlights the increasing role of artificial intelligence (AI) in cyberattacks, particularly within supply chain security. 77% of respondents expressed concerns about AI poisoning, a method where attackers manipulate AI inputs or outputs for malicious purposes.
Supply chain attacks also remain a pressing issue, with 84% of respondents agreeing that they are a clear and present danger. However, 61% reported that senior managers in their firms had reduced focus on supply chain security over the past year.
Other AI-related risks highlighted by the survey include AI model theft, cited by 75% of respondents, and AI-driven social engineering threats, which were flagged by 73%. Additionally, 72% expressed concerns over provenance issues within the AI supply chain, reflecting challenges in ensuring the trustworthiness of AI inputs and origins.
The report also pointed to ongoing friction between security and developer teams. A majority (68%) of respondents stated that security and development teams will continue to remain at odds, with 54% reporting difficulties in encouraging developers to prioritise a security-first mindset.
Managing secrets at scale emerged as another operational challenge. A total of 89% of respondents reported difficulties in securing secrets across hybrid and multi-cloud environments. Despite this, 91% acknowledged that service accounts simplify the enforcement of uniform security policies. However, 83% agreed that managing multiple service accounts increases overall complexity.
The findings reinforce the frequent occurrence of incidents tied to machine identities. While 56% of organisations experienced incidents involving access tokens used with service accounts, 53% reported incidents related to other machine identities, such as certificates.
In a separate study undertaken by Venafi, 83% of organisations reported using AI to generate code, reflecting the growing role of AI in development workflows. However, the study, which surveyed cybersecurity executives, revealed significant concerns about the security risks associated with this reliance on AI. A substantial 92% of respondents expressed worries about the implications of widespread AI adoption among DevOps teams.
Read more: Security leaders warn of new risks as AI drives code development in 83% of organisations
