In today’s rapidly evolving digital environment, organizations face increasingly complex cybersecurity threats. The proliferation of cloud services and remote work arrangements has increased the vulnerability of digital identities to exploitation, and companies must strengthen their identity security measures.
Our recent research report, underground identity report, provides valuable insights into the challenges and vulnerabilities organizations encounter when managing digital identities. The report paints a vivid picture of “hidden” identity security responsibilities, with attackers leveraging identity threat exposures (ITEs) such as forgotten user accounts and misconfigurations to breach an organization’s defenses, with each ITE posing a significant threat to an organization’s security posture .
In the first threat report to focus entirely on the prevalence of identity security vulnerabilities, the most common identity security vulnerabilities leading to compromise are discovered.
🔗 Get the full report
These findings reveal alarming statistics that highlight the widespread popularity of ITE among organizations of all sizes:
- 67% of organizations unknowingly expose their SaaS applications to insecure password synchronization practices, exposing them to potential threats.
- 37% of admin users still rely on weak authentication protocols such as NTLM.
- 31% of user accounts are service accounts, which attackers try to target because security teams often overlook them.
- A misconfiguration in Active Directory creates an average of 109 new shadow administrators, allowing attackers to change settings and permissions and gain more access to computers as they penetrate deeper into the environment.
The move to a cloud-based environment creates additional challenges as organizations synchronize on-premises user accounts with cloud identity providers (IdPs). While this simplifies access, it also creates a path for attackers to leverage ITE in a local setting to gain unauthorized access to cloud resources.
Ultimately, the dynamic nature of identity threats must be recognized. Cybercriminals continue to evolve their tactics, emphasizing the need for a holistic and layered approach to security. By adopting proactive measures such as multi-factor authentication (MFA) and investing in strong identity security solutions, organizations can increase their resilience against identity-related threats.
Learn more about underground vulnerabilities that expose organizations to identity threats here And heed the report’s findings to prioritize security investments and eliminate identity security blind spots.
