77 percent of organizations suffer cyberattacks due to identity issues

According to a new survey, 77 percent of organizations have suffered from instances of cyberattacks or data breaches in the past 12 months due to improper access or over-privileged users.

The study from ConductorOne, based on a survey of 523 US-based IT security leaders at companies with 250 to 10,000 employees, also finds 41 percent of respondents say there had been multiple instances of cyberattacks or data breaches due to the same improper access issues.

"We're now squarely in a new world order in which identity and access must be viewed and managed as a high-priority security risk, not just an IT issue," says Alex Bovee, co-founder and CEO of ConductorOne. "As our survey shows, the complexity of modern technology environments has made identity an overwhelming challenge for security teams -- and a prime target for attack. Fortunately, many organizations are leaning into automation and zero standing privilege to reduce complexity, minimize risk, and bring identity chaos to order."

The interconnectedness of modern technology environments has opened the door to a wide range of new identity and access risks. 76 percent of survey respondents say their company has a hybrid environment. Just six percent of respondents say their environment is completely in the cloud, and only 18 percent have their environment completely on premises.

Nearly all surveyed security leaders (97 percent) report that their company works with external entities like contractors, partners, or suppliers who have access to their various systems, applications, and/or resources.

Top identity and access management challenges are the complexity of existing systems 47 percent, followed by employees' resistance to change (38 percent), limitations due to available tools (33 percent), and executives' resistance to change (32 percent).

You can find out more on the ConductorOne site.

Image credit: Frank-Peters/depositphotos.com