Dive Brief:
- Seven out of every 10 organizations suffered at least one identity-related breach over the past year, according to a report released Tuesday by Sophos. Organizations, on average, reported three separate identity-related incidents during that time.
- Two-thirds of ransomware victims said the cyberattack stemmed from an identity-related incident, said Sophos. The report is based on a survey of 5,000 IT and cybersecurity leaders across 17 countries.
- The mean recovery cost was $1.64 million, according to the report, and the median cost was $750,000. Seven of every 10 respondents reported recovery costs of more than $250,000.
Dive Insight:
The report underscores the increasing role identity plays in modern enterprise security.
“Identity is now the perimeter of cybersecurity, and that perimeter is expanding faster than most organizations can track,” Chester Wisniewski, Director, Global Field CISO at Sophos, told Cybersecurity Dive via email. “As cloud adoption, remote work, and machine-to-machine connectivity accelerate, every credential, API key, service account, and OAuth token becomes a potential entry point.”
Hackers are increasingly using identity as the main point of attack, Wisniewski said, because it allows them to bypass traditional security defenses, move laterally within systems and get faster access to sensitive data.
Identity-based cyberattacks impact critical sectors as well. Oil and gas and utility companies, followed by government agencies, reported the highest breach rates across various industries.
Successful identity attacks are largely due to a combination of human error and poor management of non-human identities, according to the report. Only 24% of companies regularly monitor for unusual logins and fewer than one-third of organizations regularly rotate non-human credentials.