Cloud & AI Boost Efficiency but Increase Security Risks
▼ Summary
– 84% of organizations use AI in the cloud, but 62% have at least one vulnerable AI package, with some enabling remote code execution.
– 38% of organizations with sensitive cloud data have exposed databases, and 13% have a single cloud asset supporting over 1,000 attack paths.
– Nearly a third of cloud assets are neglected, averaging 115 vulnerabilities each, with virtual machines and Ubuntu OS being the most neglected.
– 89% of organizations have at least one neglected cloud asset exposed to the internet, with consumer & manufacturing, technology, and public sector being the most affected industries.
– 70% of organizations use Kubernetes, but 30% have publicly exposed Kubernetes assets, and 93% have overprivileged service accounts, increasing security risks.
Businesses are rapidly embracing cloud-based AI solutions, but this technological shift brings heightened security vulnerabilities that demand immediate attention. Recent findings reveal that 84% of companies now integrate AI into their cloud infrastructure, yet 62% operate with at least one vulnerable AI package, some of which contain critical flaws enabling remote code execution.
The push toward multi-cloud environments offers flexibility but complicates security oversight. Gil Geron, CEO of Orca Security, notes that organizations racing to deploy AI often overlook risks, creating a perfect storm for cyber threats. Compounding the issue, 38% of firms store sensitive data in publicly exposed databases, while 13% have cloud assets supporting over 1,000 potential attack paths—a goldmine for malicious actors.
Neglected cloud assets remain a pervasive issue, with nearly a third of resources left unmanaged, each harboring an average of 115 vulnerabilities. Virtual machines top the list of overlooked assets (95% of organizations), followed by Ubuntu-based systems (88%). Shockingly, 89% of businesses have internet-exposed neglected assets, a figure that climbed 7% in just one year. Industries like consumer manufacturing (97%), tech (94%), and the public sector (92%) are especially prone to these exposures.
The attack surface continues to widen, with 76% of organizations having public-facing assets that facilitate lateral movement. For 36% of companies, a single compromised asset could unlock 100+ attack pathways, endangering critical systems. Healthcare faces unique risks, as HIPAA violations for exposed patient data can incur penalties up to $1.5 million. Yet, data breaches plague all sectors, often stemming from plaintext secrets embedded in 85% of source code repositories—a glaring oversight during development.
Kubernetes adoption is surging (70% usage, up 15% YoY), but security gaps persist. 30% of Kubernetes deployments include publicly exposed assets, while half of clusters run unsupported versions, leaving them open to known exploits. Even more concerning, 93% of Kubernetes environments contain overprivileged service accounts, granting attackers easy avenues for privilege escalation or data theft.
Melinda Marks, Practice Director at Enterprise Strategy Group, warns that while traditional risks like unmanaged assets persist, emerging threats—from AI vulnerabilities to non-human identities—are compounding the challenge. As cloud and AI adoption accelerates, organizations must prioritize proactive security measures to mitigate these escalating risks.
(Source: HELPNET SECURITY)
