Considering 90% of organizations experienced at least one identity-related incident in the past year, it’s clear that attackers aren’t hacking into organizations anymore, they’re logging in. Identity has become the most coveted perimeter for both attackers and defenders. As enterprises adopt hybrid environments, identity emerges as the focal point, influencing how attackers conduct breaches and how defenders strategize their protections.
Complexity of hybrid environments
As organizations transition to the cloud and integrate on-premises infrastructure, cloud services, and remote workspaces into a single, interconnected ecosystem, the threat landscape becomes even more complex. This complexity provides multiple entry points for attackers, making it easier for them to breach a single weak spot and pivot across different environments. A single compromised entry point in this hybrid setup can lead to significant data breaches.
Expanding identity attack surface
The number of identities that security teams must protect is immense and continues to grow, making the identity attack surface a prime target for attackers. Every user — whether customer, employee, partner, or vendor — along with every device and service account within the cloud and network, represents a potential attack vector.
According to the Identity Defined Security Alliance (IDSA), 98% of organizations have
seen an increase in identities, and 62% lack visibility into the entities accessing their
sensitive data and assets.
Overlooked machine and service identities
Machine identities, including APIs, bots, and service accounts, are often overlooked but pose unique challenges. Unlike human users, these identities cannot utilize Multi-Factor Authentication (MFA) yet they frequently have access to critical resources. Silverfort reports that 31% of all users are service accounts with high access privileges and low visibility. Moreover, a single Active Directory misconfiguration can introduce an average of 109 shadow admins, allowing attackers to reset true admins' passwords.
Attackers’ requirements: Identity and network access
Groups like Scattered Spider and ALPHV/Black Cat use a variety of tactics to exploit legitimate access credentials. The rapid increase in enterprise identities and the lack of visibility into identities provide attackers with numerous opportunities to infiltrate networks and progress their attacks. As attackers pivot between on-premises and cloud environments, defenders often rely on siloed tools to manage these fast-moving, hybrid threats.
Siloed detection and limitations in prevention
Unfortunately, siloed detection tools lead to delayed reaction strategies that separately monitor on-premises and cloud environments. This segmentation creates challenges in identifying attackers who seamlessly exploit the interconnected nature of modern enterprise infrastructure.
Further, preventive measures like MFA and Endpoint Detection and Response (EDR) are essential but not foolproof. Attackers can bypass MFA through social engineering or compromised devices, and EDR solutions might miss subtle signs of identity compromise. Thus, organizations need to complement prevention with robust detection and response capabilities.
GenAI and the Expanding Attack Surface
Generative AI (GenAI) tools like Microsoft Copilot aim to enhance productivity, but they also introduce new attack surfaces. These tools, powered by large language models (LLMs), have access to proprietary corporate data, which attackers can exploit to increase the speed and scale of their identity-based attacks. Therefore, organizations must implement detection and monitoring capabilities to prevent abuse of GenAI tools.
The need for identity threat detection and response (ITDR)
Attackers have found ways to bypass preventive measures and identity posture tools, necessitating the adoption of Identity Threat Detection and Response (ITDR). ITDR acts as an additional layer of defense, detecting and responding to identity threats after prevention measures have been circumvented. To explore the full ITDR report with insights and best practices for boosting your identity security strategies, visit Vectra.AI.
