CyberArk Report: Growth of Digital Identities giving rise to Cybersecurity Debt

CyberArk, an information security company offering identity management, announced its CyberArk 2022 Identity Security Threat Landscape Report, which identifies how the rise of human and machine identities has resulted in the accumulation of identity-related cybersecurity ‘debt,’ exposing organizations to greater cybersecurity risk.

Every major IT or digital initiative increases interactions between people, applications, and processes, resulting in the creation of a large number of digital identities. If these digital identities are not managed and are left unprotected, they can pose a significant cybersecurity risk depicting a growing identities problem.

The Attack Surface in 2022, is being expanded by secular trends such as digital transformation, cloud migration, and attacker innovation. The report delves into the prevalence and types of cyber threats that security teams face, as well as the areas where they see increased risk. 

Security experts agree that the recent organizational digital initiatives have come at a cost, this cost is known as cybersecurity debt, which refers to security programs and tools that have grown but have not kept pace with what organizations have put in place to drive operations and support growth. Over 70% of the organizations surveyed have experienced ransomware attacks in the past year. 

Credential access was the number one area of risk for respondents (at 40%), followed by defense evasion (31%), execution (31%), initial access (29%) and privilege escalation (27%). Eighty-eight percent of energy and utility companies have been hit with a successful software supply chain-related attack.

This debt has accumulated as a result of not properly managing and securing access to sensitive data and assets, and a lack of Identity Security controls is increasing the risk and creating consequences. 

The debt is exacerbated by the recent increase in geopolitical tensions, which have already had a direct impact on critical infrastructure, emphasizing the need for increased awareness of the physical consequences of cyber-attacks.

“The past few years have seen spending on digital transformation projects skyrocket to meet the demands of changed customer and workforce requirements.  The combination of an expanding attack surface, rising numbers of identities, and behind-the-curve investment in cybersecurity – what we call Cybersecurity Debt – is exposing organizations to even greater risk, which is already elevated by ransomware threats and vulnerabilities across the software supply chain. This threat environment requires a security-first approach to protecting identities, one capable of outpacing attacker innovation.”

Udi Mokady, Founder, chairman and CEO, CyberArk

In order to reduce this cyber risk, we can Introduce Strategies to Manage Sensitive Access, Prioritize Identity Security Controls to Enforce Zero Trust Principles and Push for Transparency where 85% say that a Software Bill of Materials would reduce the risk of compromise stemming from the software supply chain. 

The 2022 CyberArk Identity Security Threat Landscape Report represents the findings of a worldwide survey conducted by Vanson Bourne of 1,750 IT security decision-makers, highlighting their experiences over the past year in supporting their organizations’ expanding digital initiatives.

CyberArk was founded in 1999 by Alon N. Cohen and the current CEO Udi Mokady and its headquartered in the U.S. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. 

Read more stories