CyberArk Report: Massive Growth of Digital Identities Is Driving Rise in Cybersecurity Debt
April 12 2022 - 7:00AM
Business Wire
- Seventy-nine percent of security professionals agree that their
organization prioritized maintaining business operations over
ensuring robust cybersecurity in the last 12 months
- Machine identities now outweigh human identities by a factor of
45x
- Sixty-four percent of security leaders admit their organization
cannot stop a supply chain-related attack
- Eighty-eight percent of energy and utilities companies have
been hit with a successful software supply chain-related
attack
A new global report released today by CyberArk (NASDAQ: CYBR)
shows that 79% of senior security professionals state that
cybersecurity has taken a back seat in the last year in favor of
accelerating other digital business initiatives. The CyberArk 2022
Identity Security Threat Landscape Report identifies how the rise
of human and machine identities – often running into the hundreds
of thousands per organization – has driven a buildup of
identity-related cybersecurity “debt,” exposing organizations to
greater cybersecurity risk.
This press release features multimedia. View
the full release here:
https://www.businesswire.com/news/home/20220412005372/en/
Unmanaged and unsecured digital
identities are driving rise in cybersecurity debt. (Graphic:
Business Wire)
A Growing Identities Problem
Every major IT or digital initiative results in increasing
interactions between people, applications and processes, creating
large numbers of digital identities. If these digital identities go
unmanaged and unsecured, they can represent significant
cybersecurity risk:
- Sixty-eight percent of non-humans or bots have access to
sensitive data and assets.
- The average staff member has greater than 30 digital
identities.[1]
- Machine identities now outweigh human identities by a factor of
45x on average.
- Eighty-seven percent store secrets in multiple places across
DevOps environments, while 80% say developers typically have more
privileges than necessary for their roles.
The 2022 Attack Surface
Secular trends of digital transformation, cloud migration and
attacker innovation are expanding the attack surface. The report
delves into the prevalence and type of cyber threats facing
security teams and areas where they see elevated risk:
- Credential access was the number one area of risk for
respondents (at 40%), followed by defense evasion (31%), execution
(31%), initial access (29%) and privilege escalation (27%).[2]
- Over 70% of the organizations surveyed have experienced
ransomware attacks in the past year: two each on average.
- Sixty-two percent have done nothing to secure their software
supply chain post the SolarWinds attack and most (64%) admit a
compromise of a software supplier would mean an attack on their
organization could not be stopped.
Getting Into Cybersecurity Debt
Security professionals agree that recent organization-wide
digital initiatives have come at a price. This price is
Cybersecurity Debt: while security programs have expanded, they
have not kept pace with organizations’ investments focused on
driving business operations and growth. This debt has arisen
through not properly managing and securing access to sensitive data
and assets, and a lack of Identity Security controls is driving up
risk and creating consequences. The debt is compounded by the
recent rise in geopolitical tensions, which have reinforced the
need for heightened awareness of the physical consequences of cyber
attacks, especially on critical infrastructure:
- Seventy-nine percent agree that their organization prioritized
maintaining business operations over ensuring robust cybersecurity
in the last 12 months.
- Less than half (48%) have Identity Security controls in place
for their business-critical applications.
“Spending on digital transformation projects has skyrocketed in
recent years to meet the demands of changed customer and workforce
requirements,” said Udi Mokady, founder, chairman and CEO, CyberArk.
“The combination of an expanding attack surface, rising numbers of
identities and behind-the-curve investment in cybersecurity - what
we call Cybersecurity Debt - is exposing organizations to even
greater risk, which is already elevated by ransomware threats and
vulnerabilities across the software supply chain. This threat
environment requires a security-first approach to protecting
identities, one capable of outpacing attacker innovation.”
What Can Be Done?
- Push for Transparency: 85% say that a Software Bill of
Materials would reduce the risk of compromise stemming from the
software supply chain.
- Introduce Strategies to Manage Sensitive Access: The top
three measures that most CIOs and CISOs have introduced (or plan to
introduce), each cited by 54% of respondents: real-time monitoring
and analysis to audit all privileged session activity; least
privilege security / Zero Trust principles on infrastructure that
runs business-critical applications; and processes to isolate
business-critical applications from internet-connected devices to
restrict lateral movement.
- Prioritize Identity Security Controls to Enforce Zero Trust
Principles: The top three strategic initiatives to reinforce
Zero Trust principles are: workload security; Identity Security
tools; and data security.
About the Report
The CyberArk 2022 Identity Security Threat Landscape Report
represents the findings of a worldwide
survey conducted by Vanson Bourne of 1,750 IT security decision
makers, highlighting their experiences over the past year in
supporting their organizations’ expanding digital initiatives.
Respondents were based in the US, UK, France, Germany, Japan,
Italy, Spain, Brazil, Mexico, Israel, Singapore and Australia.
Additional Assets:
- Report landing page: https://www.cyberark.com/ISTL22
- Blog: How Digital Identities Drive Cybersecurity Debt, the
Hidden Transformation Trade-Off
[1] Respondents were asked to estimate the number of
applications and accounts, on average, accessed per person in their
organization and not managed by federated identities.
[2] Respondents were asked about the cyber attacker tactics and
techniques (as laid out in the MITRE ATT&CK® Matrix for
Enterprise covering cloud-based techniques) that represented the
most risk to their organization.
Copyright © 2022 CyberArk Software. All Rights Reserved. All
other brand names, product names, or trademarks belong to their
respective holders.
About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in Identity
Security. Centered on privileged access management, CyberArk
provides the most comprehensive security offering for any identity
– human or machine – across business applications, distributed
workforces, hybrid cloud workloads and throughout the DevOps
lifecycle. The world’s leading organizations trust CyberArk to help
secure their most critical assets. To learn more about CyberArk,
visit https://www.cyberark.com, read the CyberArk blogs or follow
on Twitter via @CyberArk, LinkedIn or Facebook.
Nick Bowman, CyberArk Email: press@cyberark.com
Highwire PR Email: cyberark@highwirepr.com
Investor Relations: Erica Smith, CyberArk Email:
ir@cyberark.com