One in six endpoints has identity risks

By Ian Barker
Published 2 years ago

Many data breaches have unmanaged, misconfigured or exposed identity details at their core. Yet despite this, businesses continue to lack visibility into their identity risk.

A new study from Illusive reveals as many as one in six enterprise endpoints it analyzed had some form of identity risk.

Exploitable identity risks enable attackers to gain initial access, establish their persistence on a network, elevate their privileges, evade defenses and accelerate their lateral movement until they have taken complete control.

The study finds that 87 percent of local admins were not enrolled in privileged access management solutions, such as Microsoft's Local Administrator Password Solution (LAPS). Misconfiguration is a problem too, with 40 percent of shadow admins (misconfigured users with unintended privileges) able to be easily exploited.

More than one in 10 (13 percent) endpoints contain privileged account passwords that have been left exposed (for example by having cached credentials). This is the digital equivalent of leaving your username and password written on a sticky note, and there are a variety of tools that attackers can employ to dump these privileged credentials in order to exploit them.

"As ransomware attacks reach record-breaking levels, the complexity of managing Active Directory and the limitations of existing identity and access management solutions have created an identity security gap that attackers easily exploit," says Ofer Israeli, CEO and founder of Illusive. "And it isn't just a gap -- it's a major blindspot -- this research is proof that organizations lack visibility into the identity risks that leave them vulnerable to an attack."

The company has also announced the launch of Illusive Spotlight and Illusive Shadow, its patented identity risk management platform enabling organizations to automatically and continuously discover, mitigate and protect against identity risks.

One in six endpoints has identity risks

Recent Headlines

Microsoft is optimizing Windows 10 update delivery just as it did with Windows 11

Understanding the good and bad of no-code solutions [Q&A]

Ubuntu Linux 24.10 is named 'Oracular Oriole'

How threat intelligence can improve vulnerability management outcomes

Ubuntu Linux-based Voyager 24.04 LTS unites GNOME and Xfce

Kioxia unveils TransMemory U304 USB flash drive

Microsoft and Estée Lauder transform the beauty industry with AI

Most Commented Stories

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.4.0 'pl'

The stunning Windows 13 -- yes, 13! -- is the Microsoft operating system we want

Microsoft 'improves' Windows 11 by bringing ads to the Start menu in the US

Windows 11 slammed for its 'comically bad' performance even on high-end hardware

Microsoft is up to its old tricks yet again -- Windows 10 users harassed with full-screen Windows 11 upgrade warnings

Outrageous: Microsoft to charge $61 for Windows 10 updates -- consider switching to Linux!

Microsoft releases preview version of Office 2024 for Windows and macOS -- download it now!

EndeavourOS ARM discontinued: A huge loss for the Linux community