Non-human identities pose security risks for enterprises
Non-human identities (NHIs) refer to things like API keys, service accounts, system accounts, OAuth tokens. You may not give them too much thought, but a new report from Silverfort looks at the impact they have on an organization's cybersecurity.
Active Directory service accounts -- used for machine-to-machine communication within Microsoft Active Directory (AD) environments -- are the most common and most regularly compromised NHIs.
Compromised accounts of this type may be even more of a risk than human-owned ones, since they typically have privileged access to sensitive machines, effectively making them admin accounts. On average, around a third of the users within AD are service accounts, and in smaller organizations it may be as many as half.
The study, of over 600 people responsible for identity in enterprises with over 1,000 employees, finds that on average 30 percent of a company's user accounts are service accounts. However, only 5.7 percent of organizations have full visibility into their service accounts, leaving a huge percentage of organizations with unknown non-human identities. 80 percent of organizations say they're unable to prevent the misuse of service accounts in real time due to sporadic or absent visibility and security.
In addition, 46 percent of service accounts regularly use a weak authentication protocol (NTLM), leaving them open to credential theft and abuse. Also, 78 percent of organizations aren't confident they can stop an attacker performing lateral movement with compromised credentials.
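The two visibility gaps above (not knowing which accounts are service accounts, and not knowing which of them still authenticate with NTLM) are something a defender can measure from the domain controllers' own logon events. The following is an added example, not code from the Silverfort report or from this article: it takes a constructed inventory of service accounts and a constructed export of Windows Event ID 4624 (successful logon) records as JSON lines, flags every service-account logon completed with NTLM, and reports the share of observed service accounts that used NTLM at least once. The account names, IP addresses and the `SERVICE_ACCOUNTS` set are invented; the field names follow the real 4624 event schema, and the rule that a populated `LmPackageName` means NTLM was used (including NTLM chosen via Negotiate) is the check this example relies on.

```python
"""Find AD service accounts that authenticate with NTLM, from exported 4624 logon events.

Added example: the inventory and the event records below are constructed for illustration.
"""
import json

# Constructed inventory of service accounts. In practice this would come from an AD export,
# e.g. every account that carries a servicePrincipalName or lives in a service-account OU.
SERVICE_ACCOUNTS = {"svc_sql", "svc_backup", "svc_web"}

# Constructed Event ID 4624 records as JSON lines (one event per line). Field names follow
# the 4624 schema; the values are invented for this example.
SAMPLE_EVENTS = """\
{"EventID": 4624, "TargetUserName": "svc_sql", "LogonType": 3, "AuthenticationPackageName": "Kerberos", "LmPackageName": "-", "IpAddress": "10.0.0.5"}
{"EventID": 4624, "TargetUserName": "svc_backup", "LogonType": 3, "AuthenticationPackageName": "Negotiate", "LmPackageName": "NTLM V2", "IpAddress": "10.0.0.7"}
{"EventID": 4624, "TargetUserName": "alice", "LogonType": 2, "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2", "IpAddress": "10.0.0.9"}
{"EventID": 4624, "TargetUserName": "svc_web", "LogonType": 3, "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V1", "IpAddress": "10.0.0.12"}
{"EventID": 4624, "TargetUserName": "svc_backup", "LogonType": 3, "AuthenticationPackageName": "Kerberos", "LmPackageName": "-", "IpAddress": "10.0.0.7"}
{"EventID": 4624, "TargetUserName": "svc_sql", "LogonType": 3, "AuthenticationPackageName": "Kerberos", "LmPackageName": "-", "IpAddress": "10.0.0.6"}
"""


def parse_events(text):
    """Parse a JSON-lines export into a list of dicts, keeping only 4624 (successful logon) records."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        if record.get("EventID") == 4624:
            events.append(record)
    return events


def used_ntlm(event):
    """True when the logon was completed with NTLM.

    AuthenticationPackageName is "NTLM" for a direct NTLM logon; when Negotiate falls back
    to NTLM the event still records the NTLM version in LmPackageName, so any populated
    LmPackageName (anything other than "-") is treated as NTLM use.
    """
    return (
        event.get("AuthenticationPackageName") == "NTLM"
        or event.get("LmPackageName", "-") != "-"
    )


def ntlm_service_logons(events, service_accounts):
    """One finding per service-account logon that used NTLM: (account, source IP, NTLM version, severity).

    NTLM V1 and LM are rated "high" because they are weaker than NTLM V2; V2 is still flagged
    because the goal is to move service accounts off NTLM entirely.
    """
    findings = []
    for event in events:
        user = event.get("TargetUserName", "")
        if user in service_accounts and used_ntlm(event):
            version = event.get("LmPackageName", "-")
            severity = "high" if version in ("NTLM V1", "LM") else "medium"
            findings.append((user, event.get("IpAddress", "-"), version, severity))
    return findings


def ntlm_share(events, service_accounts):
    """Fraction of service accounts seen logging on that used NTLM at least once (0.0 if none seen)."""
    seen, ntlm_users = set(), set()
    for event in events:
        user = event.get("TargetUserName", "")
        if user not in service_accounts:
            continue
        seen.add(user)
        if used_ntlm(event):
            ntlm_users.add(user)
    return len(ntlm_users) / len(seen) if seen else 0.0


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    for account, source, version, severity in ntlm_service_logons(events, SERVICE_ACCOUNTS):
        print(f"[{severity}] {account} logged on with {version} from {source}")
    print(f"{ntlm_share(events, SERVICE_ACCOUNTS):.0%} of observed service accounts used NTLM")
```

Run against a real export, the per-account findings tell you which service accounts (and which source hosts) still need to be moved to Kerberos, and the share figure gives the same kind of number the report quotes for your own domain; the human account in the sample is deliberately ignored so the metric stays scoped to NHIs.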
The report concludes, "NHIs make up a significant portion of an organization’s total identities. The volume of NHIs will continue to climb as we accelerate the pace of automation, innovation, and the great amplifier -- artificial intelligence. Today, we analyzed a single type of NHI used at the typical organization, but it's not hard to imagine a slew of similar results if we expanded our scope and applied the analysis to other types of NHIs regularly used at organizations globally. The compromise of a single NHI service account could give attackers access to multiple resources, making it an ideal target for attackers -- sophisticated or not. And they'll rarely face much resistance, as standard security controls like traditional MFA can typically only protect human identities."
You can read more on the Silverfort blog.
Image credit: BiancoBlue/depositphotos.com