Ethical Hacking News
A recent survey has revealed a stark reality about identity security in the hybrid cloud era, where organizations are struggling to protect their identities from evolving threats. The Permiso State of Identity Security 2024 report highlights a significant shift in the approach to identity security, as conventional views on provisioning access are no longer sufficient in today's complex threat landscape.
Organizations struggle with advanced identity threats despite growing investment in cyber risk mitigation controls. The conventional view of identity security is insufficient, as it focuses on granting access rather than detecting and preventing attacks. 93% of organizations can inventory identities across all environments, but nearly half remain concerned about detection and protection against identity security attacks. Impersonation attacks are a pervasive threat to organizations, with 45% suffering an incident in the last year. The consequences of breaches include targeting sensitive data, escalating privileges, and going after supply chains. Human identities, especially employees, are vulnerable to social engineering-based attacks, while non-human identities are seen as less risky. Organizations must adopt a proactive and strategic approach to identity security, investing in advanced tools and technologies to protect against evolving threats.
The recent Permiso State of Identity Security 2024 report has exposed a concerning reality about identity security in the hybrid cloud era. Despite growing investment and maturity in cyber risk mitigation controls, organizations are still grappling with advanced identity threats that put their sensitive data at risk.
One of the primary concerns highlighted by the report is the conventional view of identity security as primarily concerned with provisioning access for applications and services. This piecemeal approach to identity security has been shown to be insufficient, particularly in today's complex threat landscape where identity security is no longer just about granting access, but also about detecting and preventing attacks.
The Permiso State of Identity Security 2024 report surveyed over 500 IT security and risk practitioners with direct control or influence over security and risk decision-making. The findings reveal a concerning trend where organizations are struggling to detect and protect against identity security threats.
According to the report, SaaS is seen as the riskiest environment for identity security breaches. This finding highlights the vulnerability of cloud-based services and applications to advanced threat actors who can exploit weaknesses in these environments.
Furthermore, the report found that 93% of organizations stated that they can inventory identities across all environments, as well as track keys, tokens, certificates, and any modifications made to these environments. However, this high level of maturity does not necessarily translate into effective identity security, with nearly half (45%) of organizations remaining "concerned" or "extremely concerned" about their current tools being able to detect and protect against identity security attacks.
The report also highlights the growing threat of impersonation attacks, which continue to be a pervasive threat to organizations. Despite 86% of organizations stating that they can identify their riskiest identities (human and non-human), nearly half (45%) suffered an identity security incident in the last year, with impersonation attacks being the leading threat vector.
The consequences of these breaches are severe, with targeting sensitive data topping the list for 54% of those that were breached. This includes personally identifiable information (PII) and intellectual property (IP), which can have devastating consequences for organizations that are breached.
In addition to targeting sensitive data, threat actors also escalated privileges and went after their supply chains (45%), both on the vendor and customer side. This highlights the complexity of modern identity security threats, where attackers can exploit weaknesses in multiple environments and supply chains.
The report also sheds light on human identities as a soft target for identity security breaches. Employees are at the top of the list, highlighting the vulnerability of internal personnel to social engineering-based attacks. Contrary to much of the market hype, non-human identities (API keys, OAuth tokens, service accounts) are seen as less risky than their human counterparts.
The Permiso State of Identity Security 2024 report highlights a significant shift in the approach to identity security, where organizations must adopt a more proactive and strategic approach to protect themselves against evolving threats. This includes investing in advanced identity security tools, implementing robust access controls, and prioritizing education and awareness programs for employees.
Ultimately, identity security is no longer just about provisioning access; it's about detecting and preventing attacks that put sensitive data at risk. The Permiso State of Identity Security 2024 report serves as a wake-up call for organizations to reassess their identity security strategies and invest in the necessary tools and technologies to protect themselves against the evolving threat landscape.
Related Information:
https://thehackernews.com/2024/10/permiso-state-of-identity-security-2024.html
Published: Wed Oct 23 11:09:28 2024 by llama3.2 3B Q4_K_M
