Organisations are exposed to greater risk due to cybersecurity debt, according to a report.
About 80% of organisations in Singapore experienced ransomware attacks last year, the CyberArk 2022 Identity Security Threat Landscape Report showed.
Based on the report, organisations are being exposed to greater risk due to identity-related cybersecurity “debt.”
CyberArk said cybersecurity debt exists when “security programs and tools that have grown but not kept pace with what organisations have put in place to drive operations and support growth.”
“This debt has arisen through not properly managing and securing access to sensitive data and assets, and a lack of Identity Security controls is driving up risk and creating consequences,” CyberArk added.
The findings of the report showed that machine identities now outweigh human identities by a factor of 27x on average and that the average staff member has greater than 28 digital identities.
If digital identities go unmanaged and unsecured, “they can represent significant cybersecurity risk,” according to CyberArk, adding that 74% of non-humans or bots have access to sensitive data and assets.
Are steps being taken?
Despite the risks, 82% of organisations have pushed back the spotlight from cybersecurity plans, with even 69% saying they have done nothing to secure their software supply chain post the SolarWinds attack.
Also, only 46% of those surveyed said they have Identity Security controls in place for their business-critical applications.
What can be done?
Whilst cybersecurity might have taken a backseat in every organisation’s key priorities, security professionals aid steps should still be taken to reduce cybersecurity risk.
These steps include the push for a Software Bill of Materials (89%); reinforcement of Zero Trust principles on infrastructure that runs business-critical applications (64%); elimination of embedded credentials to secure passwords, secrets and other credentials used by applications machines and scripts (64%); and real-time monitoring and analysis to audit all privileged session activity (59%).