March 17, 2023 7:07 AM
Image Credit: Oren Hope via DALL-E 2
Things are rapidly growing more challenging on the security front in 2023. Many CISOs didn’t expect this much pressure to consolidate tech stacks, make budgets go further and do better at stopping identity-driven breach attempts. CISOs tell VentureBeat that access management (AM), identity and access management (IAM) and privileged access management (PAM) are under attack by threat actors who can quickly monetize stolen identities by becoming access brokers or working with access brokerages.
These access brokerages sell stolen credentials and identities in bulk at high prices on the dark web. This helps explain the skyrocketing rate of attacks aimed at exploiting gaps created by cloud infrastructure misconfigurations and weak endpoint security.
CrowdStrike’s latest Global Threat Report found that cloud attacks aimed at stealing and taking control of credentials and identities grew 95% in 2022. And a recent Unit 42 Cloud Threat Report found that 99% of analyzed identities across 18,000 cloud accounts from more than 200 organizations had at least one misconfiguration, indicating gaps in IAM protection.
Identity-driven attacks are the digital epidemic that no CISO or CIO wants to discuss. Yet they are ravaging mid-tier manufacturers who are months or years behind on security pa...