Report Exposes Critical Gaps in Identity Threat Protection
Inaugural State of Identity Security Report from Silverfort and Osterman Research finds that 83% of organizations experienced an identity-related breach.
Note: TDWI’s editors carefully choose press releases related to the data and analytics industry. We have edited and/or condensed this release to highlight key information but make no claims as to its accuracy.
Silverfort, a leader in unified identity protection platforms, released its identity protection annual research report, The State of Identity Security: Insights into Critical Protection Gaps. Conducted by Osterman Research, the report finds the identity attack surface as the most significant gap in cybersecurity resilience today, with existing solutions such as multifactor authentication (MFA) and privileged access management (PAM) leaving critical exposures and allowing for the malicious use of compromised credentials. The survey behind this report, which included 637 respondents in identity roles at organizations with at least 1,000 employees, was conducted between May and June 2023.
The research finds that more than four out of five organizations have experienced a breach that involved the use of compromised credentials, half of which happened in the past 12 months. Compounding the challenges for CISOs is a continual misalignment between security and identity teams. Visibility into the identity attack surface continues to be insufficient, leaving organizations exposed to bad actors who can gain access to their environments, move laterally inside their networks, and wreak havoc in minutes. The protection of the identity attack surface -- which extends far beyond traditional identity access management tools -- is the last line of defense in detecting and preventing such threats in real time.
Key takeaways of the report include:
- Identity is the new top attack surface. More than 80% of organizations have experienced an identity-related breach that involved the use of compromised credentials, half of which happened in the past 12 months.
- Sporadic and poorly deployed MFA and PAM solutions fail to deliver 360º protection. Sixty-five percent of organizations have not implemented MFA comprehensively enough to provide sound protection. In addition, only 10% of organizations have fully deployed PAM and have high confidence in its ability to prevent malicious use of privileged credentials due to the notorious complexity of implementing such solutions at scale.
- Limited visibility is creating ‘blind spots’ and exposed access points for bad actors. Ninety-four percent of organizations do not have full visibility into their service accounts (non-human identities), making these highly vulnerable and often privileged identities a prime target for attackers.
- Real-time protection is missing. Seventy-eight percent of organizations admit that they cannot prevent the misuse of service accounts in real time, due to low visibility and inability to enforce MFA or PAM protection.
- Organizations are more exposed than ever. Only one in five organizations is highly confident that it could prevent identity threats. Very few organizations are confident in their ability to stop malicious access or lateral movement using compromised credentials.
“Today’s organizations are challenged with securing many different silos of digital identity across complex hybrid and multicloud environments. Each of these environments has different identity security controls, which don’t work together and result in partial security, inconsistent user experience, and redundant costs,” said Hed Kovetz, CEO and co-founder of Silverfort.
“In addition, some of the most critical systems in every company don’t have identity security available at all, and bad actors know it. This new research emphasizes that organizations need to rethink how they implement identity security, and develop a strategy that covers the entire identity attack surface -- including human and nonhuman identities, privileged and nonprivileged users, on-premises and cloud environments, IT and OT infrastructure, and many other areas that they didn’t previously manage to protect.”
For other valuable research information, download the full report here (short registration required).