Enormous digital identities growth is leading to cybersecurity debt

The rise of human and machine identities – often running into the hundreds of thousands per organization – has driven a buildup of identity-related cybersecurity “debts”, exposing organizations to greater cybersecurity risk, stated a CyberArk report. Machine identities now outweigh human identities by a factor of 45 times on an average.

According to the report, security professionals agree that recent organization-wide digital initiatives have come at a price. This price is cybersecurity debt: security programs and tools that have grown but not kept pace with what organizations have put in place to drive operations and support growth. This debt has arisen through not properly managing and securing access to sensitive data and assets, and a lack of Identity Security controls is driving up risk and creating consequences. The debt is compounded by the recent rise in geopolitical tensions, which have already had direct impact on critical infrastructure, highlighting the need for heightened awareness of the physical consequences of cyber-attacks.

Seventy-nine per cent of professionals agree that their organizations prioritized maintaining business operations over ensuring robust cyber security in the last 12 months, states the study.

Less than half (48%) have Identity Security controls in place for their business-critical applications, it said.

Secular trends of digital transformation, cloud migration and attacker innovation are expanding the attack surface. 

Credential access was the number one area of risk for respondents (at 40%), followed by defence evasion (31%), execution (31%), initial access (29%) and privilege escalation (27%).

Over 70% of the organizations surveyed have experienced ransomware attacks in the past year- two each on an average.

Sixty-two per cent surveyed professionals have done nothing to secure their software supply chain post the SolarWinds attack and most (64%) admit a compromise of a software supplier would mean an attack on their organization could not be stopped.

“The past few years have seen spending on digital transformation projects skyrocket to meet the demands of changed customer and workforce requirements. The combination of an expanding attack surface, rising numbers of identities, and behind-the-curve investment in cybersecurity - what we call Cybersecurity Debt - is exposing organizations to even greater risk, which is already elevated by ransomware threats and vulnerabilities across the software supply chain,” said Udi Mokady, founder, chairman and CEO, CyberArk.