In episode 48 of the Cybersecurity Minute, Chris Hughes reviews Sysdig’s 2023 Cloud-Native Security and Usage Report.
This episode is sponsored by Acceleration Economy’s Digital CIO Summit, taking place April 4-6. Register for the free event here. Tune in to the event to hear from CIO practitioners discuss their modernization and growth strategies.
Highlights
00:41 — There are interesting findings that Chris shares coming from Sysdig’s 2023 Cloud-Native Security and Usage Report. Specifically, despite an industry push for zero trust, 90% of granted permissions in cloud-native environments are not even used. This directly contradicts the push for least permissive access control — the premise of zero trust.
01:01 — These findings also open the door for malicious actors. If 90% of permissions that are applied are not actually needed, the malicious actors can take advantage of those permissions and abuse them.
01:17 — Sysdig also found that 87% of container images have high or critical vulnerabilities, which is an increase from 75% last year. The report notes that organizations are aware of these vulnerabilities. Teams have admitted that due to bandwidth constraints, they essentially do not have the ability to address these vulnerabilities.
01:47 — These results suggest a lack of prioritization, due to the incentives of a company. Developers are incentivized to “get to speed” with new market features and product updates, rather than driving down vulnerabilities.
02:05 — Finally, Sysdig reiterated that misconfigurations are the biggest culprit for cloud security incidents. As more companies shift to cloud adoption, they don’t always understand these technologies, which leads to a lack of “cyber hygiene.”
Want more cybersecurity insights? Subscribe to the Cybersecurity as a Business Enabler channel:
