Cybersecurity
 

Internet

See all Internet

IT

See all IT

Mobile Tech

See all Mobile Tech

Security

See all Security

Technology

See all Technology

Newsletters

See all Newsletters

Unprotected Machine Identities Newest Enterprise IT Security Concern

information security professionals

A new report by a privileged access management firm (PAM) warns that IT security is worsening as corporations remain bogged down on deciding what to do and what it will cost.

Delinea, formerly Thycotic and Centrify, on Tuesday released the research based on 2,100 security decision-makers internationally, revealing that 84% of organizations experienced an identity-related security breach in the past 18 months.

This revelation comes as enterprises continue to grapple with expanding entry points and more persistent and advanced attack methods from cybercriminals. It also highlights differences between the perceived and actual effectiveness of security strategies. Despite the high percentage of admitted breaches, 40% of respondents believe they have the right strategy in place.

Numerous studies found credentials are the most common attack vector. Delinea wanted to know what IT security leaders are doing to reduce the risk of an attack. The study focused on learning about organizations’ adoption of privileged access management as a security strategy.

Key findings of the report include:

  • 60% of IT security decision-makers are held back from delivering on IT security strategy due to a host of concerns;
  • Identity security is a priority for security teams, but 63% believe it is not understood by executive leaders;
  • 75% of organizations will fall short of protecting privileged identities because they refuse to get the support they need.

ID Security a Priority, But Board Buy-in Critical

Lagging corporate commitment to actually take action is the growing policy many executives seem to be following regarding IT efforts to provide better breach prevention.

Many organizations are hungry to make a change, but three quarters (75%) of IT and security professionals believe those promises of change will fail to protect privileged identities due to corporate lack of support, according to researchers.

The report notes that 90% of respondents said their organizations fully recognize the importance of identity security in enabling them to achieve their business goals. Almost the same percentage (87%) said it is one of the most important security priorities for the next 12 months.

However, a lack of budget commitment and executive alignment resulted in a continuing stall on improving IT defenses. Some 63% of respondents said that their company’s board still does not fully understand identity security and the role it plays in enabling better business operations.

“While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks,” said Joseph Carson, chief security scientist and advisory CISO at Delinea.

“This means that the majority of organizations will continue to fall short of protecting privileges, leaving them vulnerable to cybercriminals looking to discover privileged accounts and abuse them,” he added.

Lacking Policies Puts Machine IDs at Great Risk

Companies have a long road ahead to protect privileged identities and access, despite corporate leaders’ good intentions. Less than half (44%) of the organizations surveyed have implemented ongoing security policies and processes for privileged access management, according to the report.

These missing security protections include password rotation or approvals, time-based or context-based security, and privileged behavior monitoring such as recording and auditing. Even more worryingly, more than half (52%) of all respondents allow privileged users to access sensitive systems and data without requiring multifactor authentication (MFA).

The research brings to light another dangerous oversight. Privileged identities include humans, such as domain and local administrators. It also includes non-humans, such as service accounts, application accounts, code, and other types of machine identities that connect and share privileged information automatically.

However, only 44% of organizations manage and secure machine identities. The majority leave them exposed and vulnerable to attack.

Graph: Delinea Benchmarking Security Gaps and Privileged Access

Source: Delinea global survey of cybersecurity leaders

Cybercriminals look for the weakest link, noted Carson. Overlooking ‘non-human’ identities — particularly when these are growing at a faster pace than human users — greatly increases the risk of privilege-based identity attacks.

“When attackers target machine and application identities, they can easily hide,” he told TechNewsWorld.

They move around the network to determine the best place to strike and cause the most damage. Organizations need to ensure machine identities are included in their security strategies and follow best practices when it comes to protecting all their IT ‘superuser’ accounts which, if compromised, could bring the entire business to a halt, he advised.

Security Gap Growing Bigger

Perhaps the most important finding from this latest research is that the security gap continues to get larger. Many organizations are on the right path to securing and reducing cyber risks to the business. They face the challenge that large security gaps still exist for attackers to gain an advantage. This includes securing privileged identities.

An attacker only needs to find one privileged account. When businesses still have many privileged identities left unprotected, such as application and machine identities, attackers will continue to exploit and impact businesses’ operations in return for a ransom payment.

The good news is that organizations realize the high priority of protecting privileged identities. The sad news is that many privileged identities are still exposed as it is not enough just to secure human privileged identities, Carson explained.

The security gap is not only increasing between the business and attackers but also the security gap between the IT Leaders and the business executives. While in some industries this is improving, the issue still exists.

“Until we solve the challenge on how to communicate the importance of cybersecurity to the executive board and business, IT leaders will continue to struggle to get the needed resources and budget to close the security gap,” he warned.

Cloud Whack-a-Mole

One of the main challenges for securing identities is that mobility and cloud environment identities are everywhere. This increases the complexity of securing identities, according to Carson.

Businesses still attempt trying to secure them with the existing security technologies they already have today. But this results in many security gaps and limitations. Some businesses even fall short by trying to checkbox security identities with simple password managers, he said.

“However, this still means relying on business users to make good security decisions. To secure identities, you must first have a good strategy and plan in place. This means understanding the types of privileged identities that exist in the business and using security technology that is designed to discover and protect them,” he concluded.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Get Permission to License or Reproduce this Article

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
Security Demands Shifting Business Backups Away From On-Prem Boxes
June 30, 2022
Cloud Security Holes Are Invites for Ransomware: Report
October 14, 2021
More by Jack M. Germain
view all
Cybersecurity Pros Preach Constant ID Challenging, Attack Readiness To Defeat Threats
July 19, 2022
DevOps
Leapwork CEO: No-Code Platforms Democratize Testing Automation
July 14, 2022
6 Signs Cybercriminals Infected Your Phone and How To Fix It
July 13, 2022
New Recipe for Marketing Success: Blend Digital and CX, Mix Well With AI
July 8, 2022
IoT internet of things
Unresolved Conflicts Slow eSIM Upgrade Path to Better IoT Security
July 5, 2022
Security Demands Shifting Business Backups Away From On-Prem Boxes
June 30, 2022
Cryptocurrency Custody Concerns: Who Holds the Digital Storage Keys?
June 21, 2022
Ubuntu Core 22 Release Addresses Challenges of IoT, Edge Computing
June 15, 2022
KYY 15.6-inch Portable Monitor
KYY 15.6″ Portable Monitor Packs Value With a Healthy Feature Set
June 9, 2022
Apple Worldwide Developers Conference 2022
Apple Shows Off Vast Upgrades to Software, Hardware, User Experiences at WWDC22
June 7, 2022
More in Cybersecurity
Security Pros Lured to Bug Bounties by Big Pay Days
June 28, 2022
Digital Devices of Corporate Brass Ripe for Hacker Attacks
June 22, 2022
Attacks on Cloud Service Providers Down 25% During First 4 Months of 2022
June 14, 2022
Ransomware Greatest Risk to Supply Chain in Minds of IT Pros
June 8, 2022
New Software Vulnerability Zeroes In on Microsoft Programs
June 1, 2022
Lax Cyber Skills, Dev Blind Spots Behind Organizations’ AppSec Breakdowns
May 31, 2022
NSA’s Claim Backdoor Off Encryption Table Draws Skepticism from Cyber Pros
May 18, 2022
Hackers Cast LinkedIn as Most-Popular Phishing Spot
May 16, 2022
Linux Security Study Reveals When, How You Patch Matters
April 25, 2022
PII of Many Fortune 1000 Execs Exposed at Data Broker Sites
April 19, 2022

Which best describes how inflation affects decision-making at your organization these days?
Loading ... Loading ...

TechNewsWorld Channels

Applications

 Applications

Canonical Lets Loose Ubuntu 22.04 LTS 'Jammy Jellyfish'

Low-Code Platforms Help Ease the Shadow IT Adversity Pain

SaaS Boom Puts Software Sellers on Road to Recurring Revenue

Audio/Video

 Audio/Video

Study Finds Sports Is King Among Livestreamers

New Cisco Conferencing Devices Designed To Heal Meeting Fatigue

Amazon Puts High-Tech Spin on Play Dates With Kiddie Video-Calling Device

Chips

 Chips

Microsoft's Innovative 4-Processor PC

Slipping Graphics Chip Prices Could Signal Coming End of Semiconductor Shortages

Intel Releases Arc, Now We Have a Three-Horse Race

Computing

 Computing

Titan Linux Beta Brings Simplicity, Finesse to KDE Remake

Don't Become a Fool in the IT Gold Rush

Start Here When Things Go Wrong on Your Linux System

Cybersecurity

 Cybersecurity

Forrester Pegs B2B Fraud, Cyber Insurance Complacency as Top Threats in 2022

Atlas VPN Debuts MultiHop+ for Added Layer of Internet Privacy and Security

US Braces for Cyberwarfare Amid Fears of Russian Assault

Data Management

 Data Management

Data Observability's Big Challenge: Build Trust at Scale

The Business Case for Clean Data and Governance Planning

6 Critical Steps for Scaling Secure Universal Data Authorization

Developers

 Developers

Cognitive Skills for Engineering Success

Apple and Microsoft Developers Conferences Exhibit Companies' Strengths, Weaknesses

New Linux Laptop Line Advances HP, System76 Open-Source Collaboration

Emerging Tech

 Emerging Tech

The World Is Not Yet Ready for Electric Cars

Rapid EV Adoption by Low-Income Drivers Needed To Curb Climate Change: Report

The Importance of the Metaverse Standards Forum

Exclusives

 Exclusives

Sports Betting Platforms Gambling With Substandard CX

Natural Language Speaks Loudly About a Big Shift in AI

Appdome CEO on Mobile App Security: No Developer, No Code, No Problem

Gaming

 Gaming

Nvidia Showcases the Metaverse Future at GTC

Play-To-Earn Gaming Faces Hurdles To Rapid Growth

The Coolest Stuff From CES 2022

Hacking

 Hacking

Beware the Ides of March Madness

BreachQuest Dissects, Publishes Pro-Russia Ransomware Group's Internal Chat Logs

Ransomware-Related Data Leaks Jump 82% in 2021

Hardware

 Hardware

InnoView's 15.6" 4K Portable Panel Could Be the Ultimate Touchscreen Accessory

InnoView 15.8" Portable Display: More Screen Space for Small Devices

Apple Refreshes iPhone SE, iPad Air, Debuts Studio Desktop

Health

 Health

Hack Your Metabolism To Improve Health With the Lumen Smart Device

Amazon Rolls Out Alexa for Senior Living and Healthcare Providers

Cove High-Tech Neckband Aims To Ease Stress, Improve Sleep

Home Tech

 Home Tech

Home Automation Faces 3 Perpetual Problems

How the War in Ukraine Is Changing the Technology Landscape

CES 2022 Predictions

How To

 How To

Computers Use Processes, So Should You

NICE Platform Answers Call for Hyper-Personal CX Tools

Key Factors When Selecting and Setting Up an E-Commerce Platform

Internet of Things

 Internet of Things

Foundries and Arduino Team To Patch IoT Devices

Remote Work Heightens Privacy and Security Anxiety Among Employees

Amazon Super Smart Fridge Is Reportedly in the Works

IT Leadership

 IT Leadership

Open Source Leaders Push WH for Security Action

The 5 Coolest Things at Dell World Almost No One Saw

Ukrainian IT Firm Counterattacks Russian War Lies

Malware

 Malware

CyberSec Firms Give Advice, Services To Quell Fallout From Malware Aimed at Ukraine

Russia-Linked Cyclops Blink Malware Identified as Potential Cyberwarfare Weapon

Reports Warn of Worsening Warfare From Cyber Criminals in 2022

Mobile Apps

 Mobile Apps

Kids' Screen Use Sees Fastest Rise in 4 Years

What's in Store for Next-Gen Digital Wallets

Apple Privacy Rule Cost Tech Titans Estimated $9.85 Billion in Revenue

Operating Systems

 Operating Systems

New Breeze Theme Gives KDE Neon Release Lots of Sparkle

HP Chromebase Makes Chrome OS Desktops a Smart Choice

Why Microsoft Again Became the World's Most Valuable Company

Privacy

 Privacy

US-Led Seizure of RaidForums May Defy Lasting Effect on Security

Crypto 101: Data Privacy and Security on Cryptocurrency Platforms

Russian Warpath Prompts Free VPN Offer

Reviews

 Reviews

Rebuilding Ukraine: 3D Printing and the Metaverse Could Help Create the Cities of Tomorrow

Desklab Portable Monitor: Ideal for Work, Play, Mobile Productivity

Why Commercial Space Travel Is Unlikely To Scale Up

Science

 Science

Report Finds US Workers Lagging in Digital Skills

Nvidia Launches Earth 2 and Goes to War Against Climate Change

The Challenge and Promise of Quantum Computing

Search Tech

 Search Tech

Microsoft Bing, Yandex Create New Search Protocol

Botify SEO Platform Helps Brands Navigate Organic Search Rankings

Google Cloud Seeks To Cure Retailers' Search Woes, Help Compete With Amazon

Servers

 Servers

Cyber Asset Management Overwhelming IT Security Teams

30 Years of Linux History Told via Distros

Stale Open Source Code Rampant in Commercial Software: Report

Smartphones

 Smartphones

Tesla Smartphone Could Be a Game Changer

Snapdragon 8 Suggests the End of PCs and Smartphones as We Know Them

Google vs. Apple Smartphones: Similar Capabilities, Polar Opposites in Strategic Execution

Social Networking

 Social Networking

Big Tech Firms Move To Squash Deceptive Info on Ukraine Crisis

Facebook Pushes Pause on Instagram for Kids

TikTok Tops YouTube in Watch Time Among Android Users

Space

 Space

Kuo Predicts 'iPhone 13' Will Support Satellite Calls and Texting

30 Years Later, the Trajectory of Linux Is Star Bound

Amazon Clears FCC Hurdle to Satellite Network

Spotlight Features

 Spotlight Features

Marketers: Beware Florida's Mini-TCPA

Gamifying EdTech Launches Learning to Loftier Levels

Nasuni Founder Andres Rodriguez: Object Storage Offers More Cloud Benefits, Lower Cost

Tablets

 Tablets

Microsoft Finally Has Truly Competitive Alternatives to Apple Products

New iPad Mini Stars at Apple Refresh Event

Chromebook Shipments Jump 75% YoY in Q2

Tech Buzz

 Tech Buzz

The Birth of Google's 'Sentient' AI and the Problem It Presents

Google Hasn't Started the Robocalypse Yet

With Sheryl Sandberg Gone, Does Meta Grow Up, or Die?

Tech Law

 Tech Law

New EU Law Will Force Google, Meta, Others To Expose Algorithms

Pandemic, Compliance Driving Increased Privacy Spending

Report Argues Antitrust Bill Would Hurt Consumers, Stymie Innovation

Transportation

 Transportation

BlackBerry and Preparing for the Software-Defined Automobile

Wing Picks DFW for First Commercial Drone Deliveries in Major US Metro Area

Advanced Sensor System May Open Door to Zero Death Driving

Virtual Reality

 Virtual Reality

Meta vs. Varjo and Nvidia: The Bifurcation of the Metaverse

A Step Into Meta's VR Meeting World, Horizon Workrooms

Metaverse Marketing Offers New Approach To Utilizing Customer Data

Wearable Tech

 Wearable Tech

Apple MR Specs Will Shun Metaverse: Report

Apple Wearables Holiday Sales Knock It Out of the Park

5 Terrific Tech Gift Ideas for Your Holiday Shopping List

Women In Tech

 Women In Tech

Cybercriminals Employing Specialists To Maximize Ill-Gotten Gains

Encouraging Research Finds Brain Adjusts to 'Third Thumb'

E-Commerce Tending to Health and Wellness Needs

More from ECT News Network

E-Commerce Times

Sink or Swim: 5 E-Commerce Pain Points To Address for Success
Sink or Swim: 5 E-Commerce Pain Points To Address for Success
July 26, 2022
Sweetwater's Well-Tuned Marketing Is Music to Shoppers' Ears
Sweetwater's Well-Tuned Marketing Is Music to Shoppers' Ears
July 21, 2022
Adapting to E-Commerce Trends in 2022 and Beyond
Adapting to E-Commerce Trends in 2022 and Beyond
July 19, 2022

LinuxInsider

Linux Spreads, Nvidia Now Part Open-Source, Backup Tool Gets More Time
Linux Spreads, Nvidia Now Part Open-Source, Backup Tool Gets More Time
July 6, 2022
Open-Source Technologies, Issues on Display at Linux Foundation Summit
Open-Source Technologies, Issues on Display at Linux Foundation Summit
June 22, 2022
Ubuntu Core 22 Release Addresses Challenges of IoT, Edge Computing
Ubuntu Core 22 Release Addresses Challenges of IoT, Edge Computing
June 15, 2022

CRM Buyer

Gen Z to Retailers: Sell Us Speed, Simplicity, Touchless Pay Options
Gen Z to Retailers: Sell Us Speed, Simplicity, Touchless Pay Options
July 22, 2022
New Recipe for Marketing Success: Blend Digital and CX, Mix Well With AI
New Recipe for Marketing Success: Blend Digital and CX, Mix Well With AI
July 8, 2022
A Study of Selling
A Study of Selling
June 28, 2022