Businesses need to rethink how they implement identity security

More than 80% of organizations have experienced an identity breach involving the use of compromised credentials, half of which occurred in the last 12 months, according to Silverfort and Osterman Research.

Lack of visibility into the identity attack surface

Continued misalignment between security and identity teams poses another challenge for CISOs. Surface visibility of identity attacks continues to be insufficient, leaving organizations exposed to malicious actors who can access their environments, move laterally within their networks, and wreak havoc in minutes.

Identity attack surface protection – which goes well beyond traditional identity access management tools – is the last line of defense to detect and prevent such threats in real time.

65% of organizations have not implemented MFA comprehensively enough to provide good protection. Additionally, only 10% of organizations have fully deployed PAM and have high confidence in its ability to prevent malicious use of privileged credentials due to the notorious complexity of implementing such solutions at scale .

Real-time protection is missing

94% of organizations do not have full visibility into their service accounts (non-human identities), making these highly vulnerable and often privileged identities a prime target for attackers. 78% of organizations admit they cannot prevent misuse of service accounts in real time, due to low visibility and inability to enforce MFA or PAM protection.

Only one in five organizations are confident in their ability to prevent identity threats. Very few companies are confident they can stop malicious access or lateral movement using compromised credentials.

“Today’s organizations face the challenge of securing multiple digital identity “silos” in complex hybrid and multi-cloud environments. Each of these environments has different identity security controls, which do not work together and result in partial security, inconsistent user experience and redundant costs,” said Hed KovetzCEO of Silverfort.

“What’s more, some of the most critical systems in every business don’t have identity security at all, and bad actors know it. This new research highlights that organizations need to rethink how they implement identity security and develop a strategy that covers the entire identity attack surface – including human and non-human identities, privileged users and non-privileged, on-premises and cloud environments, IT environments. and OT infrastructure, as well as many other areas that they previously failed to protect,” concluded Kovetz.