Enterprises spend 11 hours on resolving each security alert
On average, enterprises spend 11 hours of employee time investigating and remediating a single critical identity-related security alert.
A new study from Enterprise Strategy Group, of 370 IT and cybersecurity decision makers, shows this affects the capacity of security teams to manage alert volume, and this is only made worse in the age of AI.
Not only does AI introduce a new type of identity, but in many organizations, its rapid innovation is outpacing organizational oversight and creating new attack vectors.
Ev Kontsevoy, CEO of Teleport, a sponsor of Enterprise Strategy Group’s research, says, “When it only takes minutes for threat actors to move laterally across your infrastructure, 11 hours to investigate an identity-related incident simply isn’t good enough. As we move deeper into the age of AI, we must remember that AI dramatically lowers the cost of identity attacks, and we must expect the frequency of them to increase. We must improve the trustworthiness of computing environments. We can only achieve this by eliminating anonymity and human error, and by unifying identity to simplify policy enforcement and enhance visibility of what each identity is doing.”
The study shows that nearly half (44 percent) of businesses have already deployed AI, which risks creating yet another identity silo involving potentially over-privileged access to sensitive data and resources across infrastructure. Over half of respondents echo this concern, with 52 percent ranking ‘data privacy issues’ as the biggest risk related to AI.
Tool fragmentation is an issue too, workforce identity teams use an average of more than 10 tools to trace identity-related security issues, suggesting companies require a more cohesive approach to manage identities in a unified way.
“Most cybersecurity solutions only see part of the picture," says Todd Thiemann, principal analyst at Enterprise Strategy Group. “Few organizations understand the scale of the threat, let alone how quickly malicious actors can move laterally and disrupt systems. Each application expands a company’s security and compliance surface area, often faster than they can govern it, and few are easily integrated with identity tools. This leaves blind spots, orphaned accounts, inconsistent access privileges, and gaps in auditability, which significantly raises the risk of breaches and regulatory penalties.”
The full report is available from the Teleport site.
Image Credit: Yuri Arcurs/Dreamstime.com