Venafi's Kevin Bocek discusses the costs of having unprotected machine identities, and how to prevent cyber attacks that target them
While the potentially significant costs stemming from cyber attacks are well-known, oversights like unprotected machine identities continue to cost companies billions of dollars each year. Kevin Bocek, vice president of security strategy and threat intelligence at US cybersecurity firm Venafi, discusses the associated risks, and how to defend against them, in more detail.
We are now living in a machine-driven world. wFrom cloud services, microservices, virtualised applications and edge computing, to IoT (Internet of Things), digital transformation is accelerating.
Machine-to-machine connections are increasing rapidly and are forecast to reach 14.6 billion by 2022.
This means they will account for more than half of all global connections in the next two years.
In the enterprise, machines control our most sensitive data and the way in which these communications are authorised means they are a primary risk for organisations.
To secure machine-to-machine communications today, enterprises rely on machine identities.
However, the growth in the number of machines in use, the speed at which they are being created and changed, and the varied types of machines that need to communicate securely, are making it increasingly difficult to create, manage and protect machine identities.
All of these factors are also widening the attack surface for cybercriminals.
In the wrong hands, machine identities can be a powerful tool, allowing attackers to hide malicious activity and steal a wide range of sensitive data.
Time and time again we’ve observed machine identity failures – from Equifax and LinkedIn, to O2 and Microsoft.
Even Covid-19 testing has now fallen victim placing lives at risk – yet organisations still don’t seem to fully understand the risks, with machine identities often left poorly protected.
Cyber attack costs from unprotected machine identities
Cyber attacks can have an unprecedented impact on the global economy, but how much do unprotected machine identities really cost us?
According to a recent report from AIR Worldwide and Venafi, between $51bn to $72bn in losses to the worldwide economy could be eliminated through the machine identity management.
Furthermore, the largest companies, those with revenues of more than $2bn, suffer the highest proportion of losses as a result of failing to protect machine identities.
Importance of machine identities for companies
Misused machine identities can cause such devastating financial losses in organisations as they support such a wide variety of vital business functions.
Machines use encrypted connections to establish trust in all kinds of digital transactions; machines identities use digital certificates and cryptographic keys to validate the legitimacy of both communicating machines.
For example, when HTTPs is used to secure web traffic, what’s actually happening is SSL/TLS certificates are being utilised to secure the transaction between say a bank or an e-commerce store, and the user.
Another use is to secure Fast IT and DevOps, where teams use cloud-based, self-contained runtime environments, known as containers or clusters, to run individual modules called microservices.
Each microservice and container should have a certificate to identify and authenticate it, and to support encryption.
Machine identities are also used to secure privileged access, most organisations use SSH machine identities to secure system-administrator-to-machine access for routine tasks.
SSH machine identities are also used to secure the machine-to-machine automation of critical business functions.
These ensure only trusted users and machines have access to sensitive network systems and data.
These are just some of the ways machine identities secure connections and it illustrates how important they are in almost every element of an organisation.
Hence, it’s easy to see how if they are misused by a cybercriminal, they can wreak untold havoc.
If machine identities are poorly managed or weakly protected, attackers can use them to gain and maintain unauthorised access to network assets and data, impersonate trusted machines and applications, hide malicious activities, and exfiltrate stolen data while remaining undetected.
Any of these activities can result in economic damage to organisations.
Preventing these types of security breaches
To ensure machine identities stay secure, a strong machine identity management program must be an essential part of an organisation’s cybersecurity posture.
However, finding and replacing all machine identities can be challenging.
Organisations often don’t know how many identities they have – a figure that could be in the tens of thousands – or know who issued them, or what they are being used for.
Added to this, the only way they can update them is to go through and manually find and replace every single one.
As digital transformation becomes increasingly complex; we are likely to see cybercriminals misusing machine identities much more frequently.
This is just one more reason why security teams need to provide their business with visibility and automation through machine identity protection, to find and replace all compromised machine identities in seconds.
Yet, many companies are still relying on outdated processes and techniques in their security strategy.
Ultimately, it’s only by proactively managing machine identities at machine speed that organisations will be able to eliminate the billions of dollars they are losing to cybercriminals.