September 27, 2022

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!


Every major IT-related initiative — from enabling hybrid work to introducing new digital services for customers or citizens — results in more digital interactions between people, applications and processes. A new report by CyberArk highlights how the rise of human and machine identities has driven a buildup of identity-related cybersecurity “debt,” exposing organizations to greater cybersecurity risk.

Recent organization-wide digital initiatives have come at the price of compiled cybersecurity debt — driven by security investments that haven’t kept pace with organizations’ efforts to focus on driving business operations and growth. Seventy-nine percent agree that their organization prioritized maintaining business operations over ensuring robust cybersecurity in the last 12 months.

This acceleration of digitization and the resulting surge in digital identities feed into an expanding attack surface. Over 70% of the organizations surveyed have experienced ransomware attacks in the past year. The report found credential access was the top area of risk for respondents (at 40%), followed by defense evasion (31%), execution (31%), initial access (29%) and privilege escalation (27%). 

The debt is compounded by the recent rise in geopolitical tensions, which have reinforced the need for heightened awareness of the physical consequences of cyberattacks, especially on critical infrastructure. The report found 88% of energy and utilities companies have experienced a successful software supply chain-related attack.

Participants identified several new measures their organizations have either already introduced, or plan to introduce to help reduce cybersecurity debt. The top three measures, each cited by 54% of respondents, are real-time monitoring and analysis to audit all privileged session activity; least-privilege security / zero-trust principles on infrastructure that runs business-critical applications; and processes to isolate business-critical applications from internet-connected devices to restrict lateral movement. 

The report represents the findings of a worldwide survey conducted by Vanson Bourne of 1,750 IT security decision makers, highlighting their experiences over the past year in supporting their organizations’ expanding digital initiatives. Respondents were based in the U.S., U.K., France, Germany, Japan, Italy, Spain, Brazil, Mexico, Israel, Singapore and Australia.

Read the full report by CyberArk.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Author

Topics