With the explosive growth of digital identity in 2022, global organizations are facing greater network security

according to CyberArk Released Tuesday 2022 Status report on identity security threats in , The wave of digital planning of global organizations has created an explosive growth of human and machine identities , These identities are increasing the risk of these organizations to blackmail software and supply chain threats .

The report found that , Under investigation 1750 name IT Among safety decision makers , Nearly four fifths （79%） Think , Relative to others IT And digital plan , Security is taking a back seat . These initiatives , Especially those who give priority to remote or mixed work 、 New digital services for customers and citizens, as well as increased initiatives for remote suppliers and supplier outsourcing , Hundreds of thousands of new digital identities have been created in each organization , This may increase the risks they face to network security .

“ The commonalities we see in most attacks - Whether it's data leakage , Or is the service shut down - It's all about identity compromise ,”CyberArk Technical director David Higgins say .“ This is one of the common goals of attackers . If they can destroy the way that identity authenticates resources , So this is how lateral movement happens . The more identities we have , The bigger the attack surface we have .

The new business plan increases the number of computer logos

The report states that , The number of digital identities in the organization is very high , And with the launch of high priority initiatives , This digital identity will continue to grow .“ On average, a human user has 30 An independent identity - This may be a low number ,” Higgins said .“ If that person leaves , And there is no good life cycle management plan , You may have 30 Orphan accounts .

For machine identity , It's even worse , According to the report , There are more machine identities than human identities 45 Than 1.“ The number of machine identities reflects the way organizations operate today ,” Higgins explained .“ Automation is a key focus , Every time automation enters mixing , Need more machine identities .

Higgins say , Machine identity may bring greater risks to organizations than human identity , Because they may be more difficult to monitor .“ The traditional behavior analysis of human users cannot be applied to machines , So the more machine identities you have , The more difficult the problem is .

70% Our organization has experienced extortion software attacks in the past year

In addition to the number of identities being created , There are also the number of identity documents that can access sensitive information . according to CyberArk The data of , More than half of the employees in the organization （52%） You can usually access sensitive information , And more than two-thirds of non-human （68%） Access to sensitive data and assets .“ External or internal threat participants only need a damaged identity to start the attack chain ,” According to the report .“ The acceleration of digital planning and the resulting surge in digital identity , Constitute an expanding attack surface .

The report also found that ,70% In the past 12 Experienced blackmail software attacks within months - Twice on average - 71% Our organization has suffered from successful supply chain related attacks .

According to the report , The expanding attack surface , The rapidly spreading identity and lagging network security investment together make organizations face a higher level of network security risks . The attacker knows this , And always follow the parallel path of innovation and investment to exploit vulnerabilities .

The next logical step is to implement the zero trust principle , Put this defensive thinking into practice .

The original is translated from CSO, author John P. Mello Jr., Super technology translation , Please indicate the source and original text of the reprint of the cooperation site. The translator is super technology ！

Hi, I'm super technology

Super technology is an information security expert , Can defend without upper limit DDos Attack and CC attack , Alibaba cloud strategic partner ！