A recent study on “The State of the Identity Attack Surface” [1], commissioned by Silverfort and conducted by Osterman Research, uncovers the pressing challenges and gaps in organizations’ protective measures against identity threats. Here’s a concise tl;dr summary for those pressed for time.
Identity Threats and Their Expansive Surface
Over 80% of organizations have experienced a breach related to compromised credentials.
The risk of identity breaches and attackers taking over accounts, moving laterally through the network and spreading ransomware remains high. The vast identity attack surface encompasses all resources accessed with user credentials, from standard users to administrators and service accounts. The paramount challenge lies in discerning when these valid credentials are maliciously exploited and ensuring real-time protection against these threats. While measures like MFA and PAM are essential, their effectiveness is contingent on correct deployment and usage.
MFA: A Critical Defense, Yet Underutilized
65.4% of organizations haven’t implemented MFA comprehensively, leaving significant vulnerabilities.
MFA significantly reduces the risk of credential compromise attacks. However, its effectiveness is compromised when not applied comprehensively across all resources and access methods. Only 34.6% of organizations have MFA protection in place for the majority of their workforce.
PAM: Strengthening Identity Security
73.4% of organizations face difficulties in fully implementing their PAM solutions, primarily due to resource constraints.
PAM enforces elevated access controls over privileged accounts, making it a crucial identity security tool. While most organizations invest in PAM, many are struggling to overcome deployment challenges. 14% of organizations have not yet started deploying PAM and only 10.2% have their PAM solutions fully deployed and onboarded.
Service Accounts: The Silent Threat
Only 5.7% of organizations have full visibility into their service accounts, with 62% having only partial visibility.
Service accounts, designed for machine-to-machine interactions, become prime targets for attackers, given their elevated access privileges. These accounts are especially vulnerable as they not only lack MFA protection but also pose challenges in PAM integration. Despite these vulnerabilities, a majority of organizations (61.8%) express only medium confidence in their ability to prevent misuse by attackers, often due to the lack of reliable real-time controls.
Resilience Against Identity Attacks
80.5% of organizations have low to partial confidence in blocking malicious access with compromised credentials.
Organizations express varied confidence levels in preventing malicious access to critical resources, from IT infrastructure to virtualization platforms. With only 22.4% being confident they can halt lateral movement with compromised credentials, it underscores the importance of a comprehensive security strategy.
Final Thoughts
Identity threats remain a significant concern for organizations worldwide. As the study suggests, there’s an urgent need for comprehensive protective measures that address the ever-evolving threat landscape. Collaboration with industry leaders like Silverfort is crucial in this endeavor.
iC Consult & Silverfort: Collaborating for Superior Identity Protection
The comprehensive study was commissioned by our partner Silverfort, a leader in the realm of Identity Threat Protection. Silverfort is a pioneering force in next-generation authentication and zero-trust solutions, offering adaptive multi-factor authentication across corporate networks and cloud environments. Together with Silverfort, we empower our customers to effectively safeguard their digital assets, streamline authentication processes, and fortify their overall security posture against evolving threats.
If you’re looking to enhance your organization’s authentication measures, don’t hesitate to contact iC Consult for tailored solutions and expert guidance.