100% of surveyed security and IT leaders confirmed that their organizations experienced a security compromise in the last year
SailPoint Technologies Holdings, Inc the leader in enterprise identity security, today released the findings from a new survey of security and IT managers/directors that explored why large, well-resourced enterprises are continuing to be compromised. The one common denominator that stands out above the rest as a leading facilitator of cyber incidents – digital identities.
According to the report, all respondents (100%) confirmed that their organizations experienced a security compromise in the last year, with 32% of respondents stating that one million or more digital identities were compromised. Further, 71% of respondents reported that compromised identities led to unauthorized access to data that should have been deleted or destroyed.
“Clearly, the pivot toward cloud adoption and rapid access to critical apps and systems in the last year has accelerated the pace of business. This has generally been great for business, but there is a downside to rapid technology adoption. The results of this study have confirmed what many of us have observed anecdotally for years,” said Grady Summers, EVP of Product at SailPoint. “A good security program starts with securing identities. We make it too easy for attackers when identities are left active months after the users have departed the organization or when an identity has far more privilege than is needed to get the job done. I found the survey results fascinating because they clearly show how organizations can limit the blast radius of an attack by focusing on identity security.”
Additional takeaways include:
75% of respondents said that the compromise(s) were facilitated by over-entitled/over-permissioned access;
83% said the compromise(s) included unauthorized access to digital identity information, including that of employees, partners, contractors, customers and;
66% of respondents said digital identities that should have been inactive were compromised during the security incident.
Methodology TAG Cyber surveyed 262 technology professionals about identity-based cybersecurity incidents, with 40% of respondents serving as IT managers/directors and 29% as security managers/directors. The remainder are spread across security- and IT-related categories.
The industries represented in the respondent pool are similarly diverse. Top five industries represented are computer manufacturing (hardware, software, peripherals), computer and networking services/consulting, information technology (the write-in for “other”), internet/application service provider, and data processing services. Bank and retail tied for sixth place.
34% of individuals surveyed work for large enterprises (more than 10,000+ employees), with 21% working in companies with 50,000+ plus employees, and 66% of respondents work for medium-sized businesses. Companies with fewer than 500 employees were not considered for this survey.