56% admit that their company cannot stop a supply chain-related attack.
58% of Spanish cybersecurity professionals acknowledge that cybersecurity has taken a back seat in the past year, according to a study by CyberArk. This report, “CyberArk 2022 Identity Security Threat Landscape Report” has tried to identify how the increase of people and machines in organizations has meant a debt in cybersecurity.
With every digital initiative comes an increase in interactions between people, which increases the number of digital identities; which, if not protected, represent a significant risk. In fact, because of digital transformation, migration to the cloud and new techniques, the attack surface is expanding.
The debt that exists in cybersecurity has arisen, specifically, from not managing and securing access to sensitive data and assets properly. And, in addition, geopolitical tensions have had a direct impact on infrastructure.
“In recent years, Spanish organizations have accelerated the implementation of digital transformation plans and are achieving greater competitiveness thanks to teleworking and the adoption of hybrid or multi-cloud environments. However, there is the other side of the coin, as these environments generate immense growth of human and non-human identities, making the attack surface increasingly larger and more difficult to defend. Organizations are increasingly aware of the need to enhance their cybersecurity strategies. In fact, more than half of the companies with access to Next Generation Recovery Funds plan to use them to improve their security,” said Roberto Llop, Regional Vice President Sales, West & South Europe at CyberArk. “Identities with excessive permissions represent a huge risk and it is imperative to establish robust Zero Trust models and protect privileged credentials to break the attack chain.”
But what can be done to reverse this situation?
- Support transparency: Inventorying software products would reduce the risk of compromise arising from the software supply chain.
- Introduce strategies to manage access to sensitive data: Real-time monitoring and analysis, Zero Trust infrastructures and processes to isolate business-critical applications from Internet-connected devices, for example.
- Prioritize identity security controls to enforce Zero Trust principles: workload security, Identity Security tools and data security are the main initiatives to reinforce Zero Trust principles.