Non-human identities present a major security risk
Compromised non-human identities have led to successful cyberattacks at that 66 percent of enterprises.
A new report from AppViewX, based on a survey of almost 370 IT, cybersecurity, and DevOps professionals by Enterprise Strategy Group (ESG), also shows 57 percent of the episodes where organizations suffered a successful attack tied to NHI compromises got the board of directors attention.
"Non-human identities represent one of the most significant attack surfaces within today's enterprises," says Todd Thiemann, senior analyst at ESG. "Without proper management and security controls, NHIs can lead to costly data breaches, operational disruptions, and compliance failures. This report provides valuable insight into the current NHI landscape, how organizations are addressing risks, and their intentions for ensuring continuous security as their NHI volume grows."
Among other findings are that organizations now manage 20 times more non-human identities than human ones, with more than 50 percent expecting this number to increase by over 20 percent in the next year.
Nearly 46 percent of organizations have experienced breaches related to NHIs, with the average enterprise suffering 2.7 incidents in the past year.
It's not surprising then that Over 80 percent of organizations expect to increase spending on NHI security, with a focus on identity threat detection, certificate lifecycle management, and workload access control.
"The complexity of modern cloud environments makes managing non-human identities manually unfeasible, even for smaller organizations. Meanwhile, digital transformation, AI and cloud-first initiatives are pushing the population of these digital identities to near exponential growth," says Gregory Webb, chief executive officer at AppViewX. "Automated certificate lifecycle management and crypto-agility are key to avoiding security lapses, preventing costly outages and reducing exposure to cyber threats. This report underscores both the scale and severity of the problem."
The full report is available on the AppViewX site.
Image credit: titima157/depositphotos.com