[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
Summary
The article highlights that in 2024, unmanaged non-human identities, such as compromised service accounts and forgotten API keys, were the primary cause of cloud breaches (68%), overshadowing phishing and weak passwords. It emphasizes the vast number of automated credentials (40-50 per employee) that often go unmonitored after projects end or employees depart.
IFF Assessment
This is bad news for defenders as it points to a significant and growing attack surface stemming from unmanaged automated credentials, which are often overlooked.
Defender Context
Defenders need to prioritize the management and monitoring of non-human identities, including service accounts, API keys, and OAuth grants. Organizations should implement robust processes for de-provisioning these credentials when they are no longer needed to mitigate the risk of exploitation.