Digital identities are significantly increasing on a global scale, One Identity reveals in their global survey findings, which were published today. This phenomenon – known as identity sprawl – has been driven by surges in user identities (internal, third parties, and customers), machine identities and new accounts generated in response to an uptick in remote work. More than 8 in 10 respondents indicated that identities managed has more than doubled, and 25% reported a 10X increase during the period.
According to the Dimensional Research-conducted survey of 1,009 IT security professionals, identity sprawl is one critical obstacle to overcome as businesses seek to optimize their overall cybersecurity posture, with half of all companies reporting they use more than 25 different systems to manage access rights. More than one in five respondents use more than 100. A second challenge is the fragmented way most organizations address identity security. Fifty one percent of respondents stated that multiple silos yield a lack of visibility regarding who has access to what system.
The result of managing identity security in silos is significant levels of complexity and risk. 85 percent of organizations have employees with more privileged access than necessary, making it easier for bad actors to exploit unknowing internal stakeholders to gain access to a given organization. Only 12 percent of professionals are fully confident they can prevent a credential-based attack, which occurs when attackers steal insider credentials to gain initial access, bypassing an organization’s security measures.
“Virtually every day we see a new cyber incident make headlines, in large part because organizations are managing more identities than ever before and because they are unable to attain a 360-degree view of all their identities – which creates gaps, inconsistencies, and expands windows of exposure,” said Bhagwat Swaroop, president and general manager, One Identity. “We’ve seen firsthand that a holistic identity management strategy is a proven way for organizations to optimize visibility, control and protection.”
A trend toward an end-to-end approach for identity security was underscored by the survey, with half of the respondents stating that an end-to-end unification of identities and accounts is needed to better respond to evolving market conditions. Almost two-thirds of respondents stated that a unified identity and access management platform would streamline their business’s approach.
Industry practices recognise that as ransomware (66 percent), phishing (52 percent) and RPA adoption concerns remain top of mind (94 percent of organisations who have deployed bots or RPA report challenges securing them), companies must plan to bolster business resiliency where they can – including investing in enhanced identity and governance administration (IGA) and privileged access management (PAM) solutions that can secure and govern growing identity ecosystems.
Commenting on the survey, Robert Golladay, EMEA and APAC director at Illusive, said: “As we’ve seen over the past 18 months, all ransomware and targeted cyberattacks exploit privileged identities. And all organizations have endpoints and servers with exploitable privileged identities. This means that everyone is at risk of attack until they discover and eliminate these privileged identities, and do so on a continuous basis. Solid identity security practices are the first step to stopping lateral movement, the signature move of advanced attackers.”
Read more here.