INDUSTRY WATCH privileged information automatically . However , only 52 % of UAE and KSA organisations manage and secure machine identities , while a concerning proportion leave them exposed and vulnerable to attack . and Saudi organisations surveyed allow privileged users to access sensitive systems and data without requiring Multi-Factor Authentication ( MFA ).
The report brings to light another dangerous oversight . Privileged identities include humans , such as domain and local administrators , as well as non-humans , such as service accounts , application accounts , code and other types of machine identities that connect and share
“ Cybercriminals look for the weakest link and overlooking ‘ non-human ’ identities-particularly when these are growing at a faster pace than human users – greatly increases the risk of privilege-based identity attacks ,” said Carson .
“ When attackers target machine and application identities they can easily hide , moving around the network to determine the best place to strike and cause the most damage . Organisations need to ensure machine identities are included in their security strategies and follow best practices when it comes to protecting all their IT ‘ superuser ‘ accounts which , if compromised , could bring the entire business to a halt .” p
74 INTELLIGENTCIO MIDDLE EAST www . intelligentcio . com