Cybersecurity takes a back seat to other digital projects
A new study reveals that 79 percent of cybersecurity professionals think that their organization prioritized maintaining business operations over ensuring robust cybersecurity in the last 12 months.
The CyberArk 2022 Identity Security Threat Landscape Report also points up how the rise of human and machine identities -- often running into the hundreds of thousands per organization -- has driven a build-up of identity-related cybersecurity 'debt', exposing organizations to greater risk.
Udi Mokady, founder, chairman and CEO, CyberArk, says, "The past few years have seen spending on digital transformation projects skyrocket to meet the demands of changed customer and workforce requirements. The combination of an expanding attack surface, rising numbers of identities, and behind-the-curve investment in cybersecurity -- what we call Cybersecurity Debt -- is exposing organizations to even greater risk, which is already elevated by ransomware threats and vulnerabilities across the software supply chain. This threat environment requires a security-first approach to protecting identities, one capable of outpacing attacker innovation."
Every major IT or digital initiative results in increasing interactions between people, applications and processes, creating large numbers of digital identities. If these digital identities go unmanaged and unsecured, they can represent significant cybersecurity risk. For example, 68 percent of non-humans or bots have access to sensitive data and assets. The average staff member has more than 30 digital identities, and machine identities now outweigh human identities by a factor of 45x on average. In addition 87 percent store secrets in multiple places across DevOps environments, while 80 percent say developers typically have more privileges than necessary for their roles.
Credential access is seen as the number one area of risk for respondents (at 40 percent), followed by defense evasion (31 percent), execution (31 percent), initial access (29 percent) and privilege escalation (27 percent).
Over 70 percent of the organizations surveyed have experienced ransomware attacks in the past year, two each on average. Worryingly 62 percent say they have done nothing to secure their software supply chain in the wake of the SolarWinds attack and most (64 percent) admit a compromise of a software supplier would mean an attack on their organization could not be stopped.
The full report is available from the CyberArk site.