Silverfort announced its identity protection annual
research report titled, The State of Identity Security: Insights into Critical
Protection Gaps. Conducted by Osterman Research, the report finds the identity
attack surface as the most significant gap in cybersecurity resilience today,
with existing solutions like multi-factor authentication (MFA) and privileged
access management (PAM) leaving critical exposures and allowing for the
malicious use of compromised credentials. The survey behind this report, which
included 637 respondents in identity roles at organizations with at least 1,000
employees, was conducted between May-June 2023.
The
research finds that more than four out of five organizations have experienced a
breach that involved the use of compromised credentials, half of which happened
in the past 12 months. Furthering the challenges for CISOs is a continual
misalignment between security and identity teams. Visibility into the identity
attack surface continues to be insufficient, leaving organizations exposed to
bad actors who can gain access to their environments, move laterally inside
their networks, and wreak havoc in minutes. The protection of the identity
attack surface - which extends far beyond traditional identity access management
tools - is the last line of defense in detecting and preventing such threats in
real time.
Key
takeaways of the report include:
- Identity is the new top attack
surface: More than
80% of organizations have experienced an identity-related breach that
involved the use of compromised credentials, half of which happened in the
past 12 months.
- Sporadic and poorly deployed MFA and
PAM solutions fail to deliver 360º protection: 65% of organizations have not
implemented MFA comprehensively enough to provide sound protection. In
addition, only 10% of organizations have fully deployed PAM and have high
confidence in its ability to prevent malicious use of privileged
credentials due to the notorious complexity of implementing such solutions
at scale.
- Limited visibility is creating
‘blind spots' and exposed access points for bad actors: 94% of organizations do not have
full visibility into their service accounts (non-human identities), making
these highly vulnerable and often privileged identities a prime target for
attackers.
- Real-time protection is missing: 78% of organizations admit that
they cannot prevent the misuse of service accounts in real time, due to
low visibility and inability to enforce MFA or PAM protection.
- Organizations are more exposed than
ever: Only one in
five organizations are highly confident that they could prevent identity
threats. Very few organizations are confident they can stop malicious
access or lateral movement using compromised credentials.
"Today's
organizations are challenged with securing many different ‘silos' of digital
identity across complex hybrid and multi-cloud environments. Each of these
environments has different identity security controls, which don't work
together and result in partial security, inconsistent user experience, and
redundant costs," said Hed Kovetz, CEO and Co-Founder of Silverfort. "In
addition, some of the most critical systems in every company don't have
identity security available at all, and bad actors know it. This new research
emphasizes that organizations need to rethink how they implement identity
security, and develop a strategy that covers the entire identity attack surface
- including human and non-human identities, privileged and non-privileged
users, on-prem and cloud environments, IT and OT infrastructure, and many other
areas that they didn't previously manage to protect."
For
other valuable research information, download the full report here.