Companies must rethink identity security
Businesses have to rethink the way they handle identity security implementation.
Silverfort and Osterman Research found that more than 80% of organisations have had an identity-related hack involving stolen credentials. About half of these breaches happened in the last 12 months.
Misalignment between security and identity teams is another problem that CISOs have to deal with. Identity attack surface visibility still needs to be better, leaving organisations vulnerable to bad players who can get into their environments, move laterally inside their networks, and cause trouble in minutes.
Protecting the identity attack surface, which goes far beyond standard identity access management tools, is the last line of defence to find and stop these threats in real-time.
Sixty-five per cent of organisations have yet to use MFA in a way that gives them enough safety. Also, only 10% of organisations have fully implemented PAM and have a lot of faith in its ability to stop malicious use of privileged credentials; this is because applying these kinds of solutions at scale is notoriously hard.
There is no real-time defence.
94% of organisations need complete insight into their service accounts (non-human identities), which makes these highly vulnerable and often privileged identities an excellent target for attackers. 78% of organisations say they can't stop people from misusing service accounts in real time because they don't have enough information and can't use MFA or PAM security.
Only one out of every five organisations is sure they can stop identity risks. Organisations need to be more confident they can stop bad people from getting in or moving laterally by using stolen passwords.
"Organisations must worry about protecting many different "silos" of digital identity in complex hybrid and multi-cloud settings. Hed Kovetz, CEO of Silverfort, said, "Each of these environments has different identity security controls that don't work together; this leads to only partial security, different user experiences, and extra costs."
"Also, some of a company's most important tools don't have identity security, and bad people know it. This new research shows that organisations need to rethink how they handle identity security and develop a plan covering the entire identity attack surface. "This includes human and non-human identities, privileged and non-privileged users, on-prem and cloud environments, IT and OT infrastructure, and many other areas they didn't manage to protect before," said Kovetz.