Identity Sprawl: A Critical Obstacle to Controlling Cyber Threats

27
Identity Sprawl: A Critical Obstacle to Controlling Cyber Threats

Every day there is a new cyber-threat incident in the headlines. Unlike earlier, modern organizations manage numerous identities, making it difficult to monitor and manage them all.

Excess digital identities, also known as ‘identity sprawl’ has increased significantly on a global scale. This phenomenon has been driven by surges in user identities (internal, third parties, and of course customers), machine identities, and new accounts generated in response to an uptick in remote work.

Users manage fewer credentials, and a significant consequence of identity sprawl is that users recycle passwords across different services, leaving enterprises open to credential-stuffing. Lost and stolen credentials’ availability on the dark web creates a dictionary, brute force, and hybrid attacks. The difficulty posed by starting an attack with known credentials increases the likelihood of its success and profitability.

Also Read: Deep Learning and how it is Transforming the Cybersecurity Landscape

Managed identities creating risk

In the ‘Dimensional Research-conducted survey’, around 1,009 security professionals revealed that identity sprawl is one critical obstacle to overcome as businesses seek to optimize their overall cyber-security posture. Half of all companies use over 25 different systems to manage access rights.

The challenge here is the fragmented way most organizations address identity security. Multiple silos yield deficiency in visibility of system accessibility.  

Managing identity security is not an easy job instead, it involves complexity and risk. Around 85 percent of organizations have employees with more privileged access than necessary, making it easier for bad actors to exploit unknowing internal stakeholders to gain access to a given organization.

However, there are IT professionals (nearly 12%), who are fully confident that they can prevent any credential-based cyber-attack. Attackers often steal insider credentials to gain initial access, bypassing an organization’s security measures.  Businesses cannot monitor large number of identities, which creates gaps, inconsistencies and expands windows of exposure.

Also Read: Making Cybersecurity Awareness a Priority in the Aftermath of Phishing Attacks

unified identity and access management platform

To bridge this gap a holistic identity management strategy can be helpful and is a proven way for global businesses to optimize visibility, control, and protection.

There is a trend toward an end-to-end approach for identity security. According to the industry leaders, a unified identity and access management platform would streamline their business’s process.

Around 94 percent of organizations have deployed bots to keep an eye on and prevent increasing ransomware (66 percent) and phishing (52 percent) incidents. Organizations need to chalk out a clear plan to bolster business resiliency to invest in enhanced identity and governance administration easily (IGA) and privileged access management (PAM) solutions to secure and govern growing identity ecosystems.

For more such updates follow us on Google News ITsecuritywire News