“Security professionals are under constant siege from very sophisticated threat actors targeting government, military and private organizations,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Powerful attack methods, like establishing backdoors with machine identities, are now available as commodity malware, making it harder for security professionals to defend against these attacks.”
According to respondents, the most vulnerable industries are those that are undergoing rapid digital transformation and are essential to daily life. Almost 60% of respondents say power, water, healthcare and transportation are equally vulnerable to a cyberattack that causes physical damage. Nineteen percent thought that power was most vulnerable, followed by healthcare (12%) and transportation and water (tied at 5%).
Bocek noted: “The sophisticated cyberattacks that are the hallmark of nation state attacks often target digital keys and certificates that serve as machine identities. These critical security assets are often poorly protected and provide attackers with the ability to hide in encrypted traffic, pivot across networks and eavesdrop on sensitive data. Any organization that isn’t protecting machine identities at least as well as they protect usernames and password is at greater risk of becoming a victim of a cyberattack. And, unfortunately, these risks are unlikely to change in the near term because most organizations are just beginning to understand these risks.”