Security News > 2024 > May > Machine identities lack essential security controls, pose major threat
Siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems, according to CyberArk. The CyberArk 2024 Identity Security Threat Landscape Report was conducted across private and public sector organizations of 500 employees and above.
Machine identities often lack identity security controls.
While the quantity of both human and machine identities is growing quickly, the report found that security professionals rate machines as the riskiest identity type.
Contrary to how human access to sensitive data is managed, machine identities often lack identity security controls and represent a widespread and potent threat vector ready to be exploited.
68% of respondents indicate that up to 50% of all machine identities have access to sensitive data, compared to 64% who report that about half of human identities have access to sensitive data.
"Digital initiatives to drive organizations forward inevitably create a plethora of human and machine identities, many of which have sensitive access and all of which must have identity security controls applied to them in order to guard against identity-centric breaches," said Matt Cohen, CEO, CyberArk. "The report shows that identity breaches have affected nearly all organizations - multiple times in nearly all cases - and demonstrates that siloed, legacy solutions are ineffective at solving today's problems. To stay ahead a paradigm shift is required, where resilience is built around a new cybersecurity model that places identity security at its core," concluded Cohen.
News URL
https://www.helpnetsecurity.com/2024/05/23/machine-identities-security-threat/
Related news
- AWS security essentials for managing compliance, data protection, and threat detection (source)
- Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority (source)
- MUT-1244 targeting security researchers, red teamers, and threat actors (source)
- Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat' (source)
- Are threat feeds masking your biggest security blind spot? (source)
- Week in review: MUT-1244 targets both security workers and threat actors, Kali Linux 2024.4 released (source)