Feb 25, 2022
0 0

1 in 6 Enterprise Endpoints exposed to identity risks

Written by

Yesterday, Illusive released its Analysing Identity Risks (AIR) 2022 report, which examines the unmanaged, misconfigured and exposed identity risks within organisations. The report shows that all organisations are vulnerable to attack, despite the deployment of privileged account management (PAM), multi-factor authentication (MFA) and other identity and access management (IAM) solutions. Illusive’s security teams witnessed these blind spots firsthand in the financial services, healthcare, and retail sectors.

According to Gartner®, “Many breaches are caused by security and identity tools that have been misconfigured, not fully configured or whose configurations are out of date.”1 As such, exploitable identity risks enable attackers to gain initial access, establish their persistence on a network, elevate their privileges, evade defences, and accelerate their lateral movement until they have taken complete control. Jamie Akhtar, CEO and founder of Cybersmart says that: “This report quite rightly outlines the blindspot many organisations have with poorly managed or configured identity or access management tools. And the situation is more alarming when it comes to the UK’s thousands of small businesses.

The report also includes quantitative insights into unmanaged, misconfigured and exposed identity risks, as well as real-world examples of how these identity risks manifest themselves. Illusive also discovered that:

“As ransomware attacks reach record-breaking levels, the complexity of managing Active Directory and the limitations of existing identity and access management solutions have created an identity security gap that attackers easily exploit,” said Ofer Israeli, CEO & Founder, Illusive. “And it isn’t just a gap – it’s a major blindspot – this research is proof that organisations lack visibility into the identity risks that leave them vulnerable to an attack.”

To conclude, Akhtar claimed that: “Many SMEs are only just becoming aware of the need to use dedicated accounts for administrative activities, let alone proper configuration of access management tools – which is why it’s now included as a requirement of Cyber Essentials certification. This is a great start but we urgently need practical, inexpensive tools to help SMEs better manage account access and identity.”

Disclaimer: GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

The post 1 in 6 Enterprise Endpoints exposed to identity risks appeared first on IT Security Guru.


Article Categories:
Mobile Security

Comments are closed.