One of the main reasons why large enterprises with significant resources find themselves continuously facing cyber incidents is their failure to protect digital identity information, such as that of employees and customers, according to findings released last week.
According to a survey, 100% of respondents confirmed that their organizations experienced a security compromise in the last year, with 32% stating that one million or more digital identities were compromised. Further, 71% of respondents reported that compromised identities led to unauthorized access to data that should have been deleted or destroyed, said US-based enterprise identity security company SailPoint Technologies.
The industries with the largest representation in the survey are computer manufacturing (hardware, software, peripherals), computer and networking services/consulting, information technology, internet/application services, data processing services, banking and retail, the company said.
"Clearly, the pivot toward cloud adoption and rapid access to critical apps and systems in the last year has accelerated the pace of business. This has generally been great for business, but there is a downside to rapid technology adoption. The results of this study have confirmed what many of us have observed anecdotally for years," said Grady Summers, EVP of Product at SailPoint.
"A good security program starts with securing identities. We make it too easy for attackers when identities are left active months after the users have departed the organization or when an identity has far more privilege than is needed to get the job done." Summers said the survey results "clearly show how organizations can limit the blast radius of an attack by focusing on identity security."
According to SailPoint, additional findings include:
- 75% of respondents said that the compromise(s) were facilitated by over-entitled/over-permissioned access.
- 83% said the compromise(s) included unauthorized access to digital identity information, including that of employees, partners, contractors and customers.
- 66% of respondents said digital identities that should have been inactive were compromised during the security incident.
The survey was conducted among approximately 260 technology professionals, with 40% of respondents serving as IT managers/directors, and 29% as security managers/directors. As for their places of employment, 34% work for enterprises with more than 10,000 employees, and 21% work at companies with over 50,000 employees. Companies with fewer than 500 employees were not considered for the survey, according to SailPoint.