Yesterday, Illusive released its Analysing Identity Risks (AIR) 2022 report, which examines the unmanaged, misconfigured and exposed identity risks within organisations. The report shows that all organisations are vulnerable to attack, despite the deployment of privileged account management (PAM), multi-factor authentication (MFA) and other identity and access management (IAM) solutions. Illusive’s security teams witnessed these blind spots firsthand in the financial services, healthcare, and retail sectors.
According to Gartner®, “Many breaches are caused by security and identity tools that have been misconfigured, not fully configured or whose configurations are out of date.”1 As such, exploitable identity risks enable attackers to gain initial access, establish their persistence on a network, elevate their privileges, evade defences, and accelerate their lateral movement until they have taken complete control. Jamie Akhtar, CEO and founder of Cybersmart says that: “This report quite rightly outlines the blindspot many organisations have with poorly managed or configured identity or access management tools. And the situation is more alarming when it comes to the UK’s thousands of small businesses.”
The report also includes quantitative insights into unmanaged, misconfigured and exposed identity risks, as well as real-world examples of how these identity risks manifest themselves. Illusive also discovered that:
- Unmanaged Identity Risks – 87% of local admins were not enrolled in PAM solutions, such as Microsoft’s Local Administrator Password Solution (LAPS).
- Misconfigured Identity Risks – 40% of shadow admins (i.e., misconfigured users with unintended privileges) can be easily exploited – if an attacker compromised one of these misconfigured identities, they would only need one entitlement, such as resetting the password of a domain admin, to elevate their privileges to a Domain Admin.
- Exposed Identity Risks – More than 1 in 10 (13%) endpoints contain privileged account passwords that have been left exposed (e.g., cached credentials). This is the digital equivalent of leaving your username and password written on a sticky note, and there are a variety of tools that attackers utilise to dump these privileged credentials so that they can be exploited.
“As ransomware attacks reach record-breaking levels, the complexity of managing Active Directory and the limitations of existing identity and access management solutions have created an identity security gap that attackers easily exploit,” said Ofer Israeli, CEO & Founder, Illusive. “And it isn’t just a gap – it’s a major blindspot – this research is proof that organisations lack visibility into the identity risks that leave them vulnerable to an attack.”
To conclude, Akhtar claimed that: “Many SMEs are only just becoming aware of the need to use dedicated accounts for administrative activities, let alone proper configuration of access management tools – which is why it’s now included as a requirement of Cyber Essentials certification. This is a great start but we urgently need practical, inexpensive tools to help SMEs better manage account access and identity.”
- Gartner, Predicts 2022: Identity-First Security Demands Decentralized Enforcement and Centralized Control, Tricia Phillips, Erik Wahlstrom, Henrique Teixeira, Mary Ruddy, Michael Kelley, 23 November 2021.
Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.