Why do cyber attackers target machine identities?

Eva Hanscom from Venafi explores the growing problem of machine identity threats.

There are many ways that compromised machine identities can be used in cyber attacks:

  • Attackers can misuse machine identities to establish hidden or concealed encrypted communication tunnels on enterprise networks in order to gain privileged access to data and resources.
  • Forged or stolen machine identities can allow an attacker’s machine to masquerade as a legitimate machine and be trusted with sensitive data.
  • Poorly managed machine identities can lead to certificate-related outages, which negatively impact the reliability and availability of vital systems and services.

And this list just scratches the surface of machine identity threats.

 

This problem will only continue to grow

There has been an explosion of machine identities on enterprise networks. Organisations rely on Internet of things (IoT) devices to streamline business initiatives. We’re also seeing more ‘virtual’ machines in the Cloud, and DevOps containers use machine identities in microservices.

Research from Venafi shows that the number of keys and certificates in use is growing rapidly and, driven by technology trends such as Cloud, IoT and smart machine adoption, this growth shows little sign of slowing. According to a study, 50% of organisations saw their key and certificate use grow by more than 25% in 2016, and one in five said key and certificate usage increased by more than 50%.

In addition, 58% said their organisation already used more than 2,500 keys and certificates, and one in four organisations used more than 10,000 keys.

This dramatic rise in the number of machine identities in use has had a substantial security impact. Organisations need to properly protect these identities before cyber criminals swoop in to compromise them, so it is imperative that IT governance programmes respond to this critical issue.

Security in the Digital World explores the cyber threats to both the workplace and on a personal level. The book includes an assessment for how you can manage security.

For more information on everything from operating systems to the IoT, Security in the Digital World can help.

 

About Venafi

Venafi is the cyber security market leader in machine identity protection, securing all connections and communications between machines. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, IoT, mobile and SSH. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise – on premises, mobile, virtual, Cloud and IoT – at machine speed and scale. Venafi