Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
While there are few organizations that would deny the importance of cybersecurity, many security leaders are struggling to get the buy-in they need from business leaders to enhance their company’s security posture.
Research released by privileged access management (PAM) provider Delinea today surveyed 2,100 IT decision makers, and found that 75% of IT and security professionals believe they’ll fall short of protecting privileged identities because they don’t get the support they need.
Going further, 63% said that their company’s board still doesn’t fully understand identity security and the role it plays in enabling better business operations.
For enterprises, this highlights that there is a fundamental disconnect between security leaders and board members, and the level of importance they assign to cybersecurity compared to other long-term business goals.
The need for security alignment and identity protection
Making the mistake of overlooking security as a strategic priority can be a costly decision, with the average cost of a data breach totalling $4.24 million.
With lack of buy-in from business executives, it’s unsurprising that 84% of organizations in Delinea’s study reported that they have experienced an identity-related breach or attack using stolen credentials during the previous year and a half.
However, even organizations that do prioritize security as a business objective still need to come to grips with protecting privileged identities.
“The security gap is continuing to get larger. While many organizations are on the right path to securing and reducing cyberrisks to the business, the challenge is that large security gaps still exist for attackers to take advantage of. This includes securing privileged identities,” said chief security scientist and advisory CISO at Delinea, Joseph Carson.
“When businesses still have many privileged identities left unprotected, such as application and machine identities, attackers will continue to exploit and impact businesses operations in return for a ransom payment,” Carson said.
Carson notes that at the heart of the challenge of securing these identities is the tendency of enterprises to overlook the importance of protecting machine identities.
Machine identities present serious enterprise risks and often have poorly optimized security controls. As a result, they provide an entry point that an attacker can use to gain access to a network.
The way forward: proactive IAM
Organizations that are aligned on the importance of securing identities are quickly turning to identity and access management (IAM) solutions to manage and audit identities, with the global identity and access management market expected to grow from $13.41 billion in 2021 to $34.52 billion in 2028.
While more organizations are adopting IAM solutions, managing identities at scale and at the pace of modern enterprise users is difficult. When you have lots of users accessing services from different locations across the world, it becomes very difficult to maintain visibility.
That’s why Gartner recommends that organizations and vendors should use more advanced and machine-learning-based analytics to automate the processing of authentication and access data and logs to simplify access management for security teams.
Organizations can then amplify their access management strategies further by working toward a zero-trust approach. That means eliminating implicit trust and continuously authenticating all users and devices.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.