CyberArk Report: Most Information Security Managers Admit That Security Has Been Pushed Down the Organization’s Priority List

by time news

A new global report published by CyberArk shows that 79% of information security managers say cyber security was pushed down the priority list over the past year in favor of accelerating digital business initiatives.

The Cyber Threats Identity Map Report for 2022 details how the growth in human and machine identities, often reaching hundreds or thousands of identities per organization, has led to an accumulation of identity-related cyber security “debt”. That debt exposes organizations to increased risks such as password leaks, malicious use of corporate identities to gain unauthorized access to information, and more.

Each major enterprise computerization or digitization initiative leads to an increase in the number of interactions between people, applications, and processes, leading to the formation of many digital identities. When these digital identities are unmanaged and unsecured, they can pose a significant cyber risk.

68 percent of non-human or bot identities have access to sensitive data and information assets. The average employee currently has more than 30 digital identities. Machine identities now outnumber human identities by 45 times on average. 87 percent of organizations store secrets in multiple locations across their DevOps environments, while 80 percent say developers typically have more privileges than they need to perform their job.

The attack surface of 2022
The prevailing trends of digital transformation, the move to the cloud and attacker innovation continue to expand the attack surface. The report examines the prevalence and type of cyber threats that security teams face, and the areas where risk is particularly high.

Credential access is the top risk area among respondents (40%), followed by defense evasion (31%), execution of malicious programs (31%), initial access (29%), and privilege escalation (27%).

More than 70% of the organizations surveyed did nothing to secure the software supply chain following the SolarWinds attack, and most (64%) admit that a compromise of their software provider would mean they could not block an attack on their own organization.

How is the security debt created?
Security executives agree that cross-organizational digital initiatives come at a high price: that price is security debt. Security programs and tools have grown and expanded, but they have not kept pace with the innovations that organizations have adopted to improve performance and support growth. The debt is created by inadequate management and protection of access to sensitive data and information assets, and by a lack of identity security controls, which increases the risk and creates consequences.

The debt continues to grow following the recent rise in geopolitical tensions, which have already directly affected critical infrastructure, a fact that underscores the need for increased vigilance about the physical consequences of cyberattacks. 79% agree that in the last 12 months their organization has given priority to maintaining business operations over solid information security. Less than half (48%) have installed identity security controls in business-critical applications.

Udi Mokady, Chairman and CEO of CyberArk, said, “The combination of a larger security platform, a greater number of identities than ever before and less investment in information security – what we call ‘information security debt’ – exposes organizations to greater-than-ever risk, which is already bringing an increase in ransomware threats and security vulnerabilities in the software supply chain.”
