Digital ID Explosion Threatens Enterprise Cybersecurity: CyberArk Report

According to CyberArk’s 2022 Identity Security Threat Landscape Report, digital initiatives from enterprises around the world have created a surge in digital identities exposed to ransomware and supply chain threats.
ⓒ Getty Images Bank

The report found that 79% of the 1,750 IT security decision makers in the study admitted that security lags behind other IT and digital initiatives. In particular, the aftermath of digital initiatives such as the adoption of remote and hybrid work, the emergence of new digital services for customers, and increased outsourcing of remote solution providers has created hundreds of thousands of new digital identities in each enterprise. As a result, digital IDs exposed to cybersecurity threats have also increased.

David Higgins, Head of Technology at CyberArk, said, “What most attacks, including data breaches, ransomware, and service outages, have in common is that the identity is compromised. This is also one of the most common targets of attackers. This corresponds to a lateral movement. The more IDs there are, the greater the attack range.”

According to the report, the number of digital identities in enterprises today is countless, and that number will continue to grow as companies announce new digital initiatives. “A single user has an average of 30 or more IDs,” Higgins said. “If that user dies, unless you have a good lifecycle management program in place, all of these identities left behind without an owner are exposed to cybersecurity threats.” said.

The situation is even worse with machine IDs, which are 45 times greater than human IDs. “The number of machine IDs reflects how companies operate today,” Higgins explains. “Automation is an area that companies are focused on, and the more automation you mix, the more machine IDs you need.”

Higgins warns that machine ID poses a greater threat to businesses than human ID because it is more difficult to monitor. “The traditional behavioral analysis we use to measure humans cannot be applied to machines,” Higgins said.

Compounding the problem with the rise of digital IDs is the number of IDs that can access sensitive information. CyberArk found that 52% of employees have access to a company’s sensitive information and assets, compared to 68% for machines. According to the report, external and internal threat actors can launch attacks with only one compromised identity. Accelerating digital initiatives and the resulting explosion of digital identities affect the scope of cyberattacks.

Additionally, the report found that 70% of businesses suffered ransomware attacks in the past year, and 71% suffered from a supply chain attack.

CyberArk points out that the continuous expansion of attack surface, rapidly increasing identity, and insufficient cybersecurity investment expose enterprises to higher-level cybersecurity threats. In the meantime, attackers have understood this fact and have been exploiting vulnerabilities along the parallel path of innovation and investment.

CyberArk adds that, if companies want to stay ahead of attackers, they must first establish an “assume breach” and then implement these defense strategies to implement zero trust.
[email protected]


Source: ITWorld Korea by www.itworld.co.kr.

*The article has been translated based on the content of ITWorld Korea by www.itworld.co.kr. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!