Time to Wake Up: The Defenses of the Identity Attack Surface are Broken


Today we released the world’s first report on the identity attack surface, conducted by Osterman Research and commissioned by Silverfort – The State of the Identity Attack Surface: Insights into Critical Security Gap.

The report provides two key insights for security stakeholders:

  1. Identity is a highly targeted attack surface with compromised user credentials serving as the main attack vector.
  2. In most organizations, security controls for this attack surface are poorly implemented, leaving it at critical risk of exposure.

What is the identity attack surface?

The identity attack surface includes all the organizational resources that are accessed with user credentials. Attackers use these credentials to gain malicious access to these resources; prominent examples are account takeover, lateral movement, and internal ransomware spread.

Why is the identity attack surface still exposed?

The rise of identity threats is already common knowledge. What is significantly less known – and misunderstood – is why they continue to be instrumental in most major cybersecurity incidents.

To quantify the key weaknesses that keep organizations vulnerable, this report examines the defenses they have in place – such as Multi-Factor Authentication (MFA), Privileged Access Management (PAM) and others – while bringing the perspective and voice of the identity security teams who are accountable for their deployment and operation.

Our findings can be neatly summarized: Identity-based attacks and threats thrive because of critical gaps in organizations’ security stacks.

The identity attack surface is a priority for all

Identity security teams have acknowledged that the solutions and practices that aim to prevent malicious access with compromised credentials are subject to significant coverage gaps, rendering their protection practically ineffective. These gaps are either in the percentage of critical resources that are protected, or in the number of users they are applied to.

This insight is a common and indisputable consensus amongst IAM directors, architects, and identity infrastructure managers. However, it rarely passes the doorstep of CIOs, executives, and board members. One of our key motivations in commissioning this report was to bring this first-hand voice to the attention of higher-level decision-makers.

Actionable Insights: asking the right questions to lock down the identity attack surface

Acting on these findings requires a shift in mindset – a shift in the questions business and security leaders must ask themselves. The right question to ask is not whether MFA was budgeted for and acquired. The answer in almost all cases would be yes. Instead, they should be asking whether their MFA solution covers all resources and access methods used by adversaries. This is a whole different ball game, and the answer to that will surprise you.

Similarly, it’s not enough to ask whether you’ve started a PAM journey. Instead, the question should be: can we protect our privileged users AND service accounts? Our research shows that only 5.7% of organizations have full visibility into their service accounts, and 78% of organizations cannot prevent the misuse of service accounts in real time, since security is sporadic or missing.

For this reason – to help this vital mindset shift – The State of the Identity Attack Surface report is much more than just a pack of interesting identity security findings. It’s also a tool to benchmark your organization’s resilience against identity threats. It provides you with the right questions to ask to assess the exposure of your organization’s identity attack surface.

It’s time to completely rethink identity security – and it’s easier than it sounds

The identity attack surface is at the forefront of today’s cyber threat landscape. Every passing incident in the headlines proves that businesses cannot implicitly trust that the purchase and deployment of identity security controls translates into sound resilience against identity threats. In fact, in most cases the opposite is true.

It is clear, therefore, that we must fundamentally rethink identity security in order to put a halt to the exponential growth of identity-based attacks and threats. The first step towards this is to get a clear, impartial view of the key security gaps exposing the identity attack surface. The State of the Identity Attack Surface report is a good place to start this journey.

Download the report here.
