In the modern, browser-centric workplace, the corporate identity acts as the frontline defense for organizations. Often referred to as "the new perimeter", the identity stands between safe data management and potential breaches. However, a new report reveals how enterprises are often unaware of how their identities are being used across various platforms. This leaves them vulnerable to data breaches, account takeovers, and credential theft.
The "Enterprise Identity Threat Report 2024" (download here) is based on exclusive data available only to the LayerX Browser Security platform. This data derives from LayerX's unique visibility into every user action in the browser, across industries. It provides a detailed analysis of emerging risks and uncovers hidden threats. To register for a live webinar covering the key findings in this report, click here.
Below is a deeper dive into some of the report's most critical findings:
1. The Greatest Risk Comes from 2% of Users
Security professionals researching security threats might get the impression that every action taken in the enterprise is a threat to the business's operations. This kind of FUD is counterproductive, since it does not help prioritize risk management.
In contrast, this report provides data on where the actual risk is coming from. It finds that 2% of users within an organization are responsible for the majority of identity-related risks. These individuals have appeared in multiple public data breaches, typically with weak or compromised credentials, and they also bypass SSO mechanisms, using outdated, easily crackable passwords.
There is another interesting factor that makes these users more risky. The report indicates not only if a corporate identity was exposed, but also whether a password was exposed, as well as how many times it was exposed.
On average, identities that had their password exposed appeared in 9.5 breaches, whereas identities exposed without password exposure appeared on average in 5.9 data sets.
Could this be because attackers place more attack resources on datasets with passwords? The data doesn't say. But it does mean that users who have had their password exposed are at a significantly higher risk, since the more datasets they appear in, the higher the potential malicious reach of their credentials. This should be taken into consideration in your risk management plan.
2. Blind Spots in Corporate Credential Management
One of the most pressing risks identified in the report is the prevalence of shadow identities. According to LayerX, 67.5% of corporate logins are performed without the protection of SSO. Even more concerning, 42.5% of all logins to SaaS applications within organizational networks take place through personal accounts, completely outside the purview of corporate security teams.
These blind spots allow users to bypass corporate identity protections. Security teams lack visibility into where corporate access is taking place, blocking their ability to detect and respond to identity-related risks.
3. Corporate Passwords Are Just as Vulnerable as Personal Ones
Corporate security measures are perceived to be stronger than personal ones. For example, managed devices seem more secure than BYOD, and corporate networks seem more secure than public Wi-Fi. But when it comes to passwords, this is hardly the case.
Despite password management and governance policies, the report shows that 54% of corporate passwords are categorized as medium-strength or weaker. For personal passwords, the percentage is 58%. Such passwords, while complying with minimum security policies, can often be cracked in under 30 minutes with modern tools.
4. Browser Extensions: An Overlooked but Growing Risk
LayerX has a unique perspective on one of the most ubiquitous, but invisible, productivity tools: browser extensions. According to LayerX's findings, 66.6% of installed browser extensions have high or critical risk permissions, and over 40% of users have such high-risk extensions installed. These permissions often give extensions access to sensitive data such as users' cookies and session tokens, which can be exploited to steal corporate credentials or hijack sessions.
5. Attackers Are Evading Legacy Security Tools with Sophisticated Techniques
Finally, the report reveals how attackers are exploiting weaknesses in traditional security tools like SWGs. As a result, these tools have become less effective in preventing browser-related breaches. Some of the key findings in this area:
- 49.6% of successful malicious web pages that bypass protections are hosted on legitimate public hosting services, leveraging trust in well-known domains to avoid detection.
- 70% of these malicious pages use phishing kits with low or medium similarity to known phishing templates, which allows them to evade standard phishing detection mechanisms.
- 82% of these pages scored high on reputation risk and 52% of the pages had low "top-level domain" risk, indicating that attackers are manipulating common reputation-based defenses by using public infrastructure to distribute malicious content.
The findings in the "Enterprise Identity Threat Report 2024" underscore the pressing need for organizations to rethink their identity security strategies. Traditional methods relying on network-layer protection, password governance and trust in existing tools are no longer sufficient to protect today's browser-based, remote-access environments. At the very least, security teams should be aware of what they do not cover.