Protecting human & non-human identities in cybersecurity
According to cybersecurity leaders, the escalation of cyber-attacks driven by artificial intelligence (AI) necessitates focusing on threats to human and non-human identities.
During National Cybersecurity Awareness Month, Tim Eades, Chief Executive Officer and Co-Founder at Anetac, commented on the importance of fundamental security practices. "In today's digital landscape, many security breaches stem from overlooked basic security practices rather than sophisticated attacks. This year's Cybersecurity Awareness theme, 'Secure our World', reflects this oversight organisations often have. While advanced security tools are valuable, organisations benefit most when prioritising fundamental practices, including strong passwords, a password manager, multi-factor authentication, and keeping software up to date," said Eades.
Eades further explained the significance of maintaining basic security measures: "The difference between a minor incident and a major breach often comes down to these basics. Our research indicates that 53% of organisations take over 13 weeks to rotate passwords—a gap that creates unnecessary vulnerabilities. As we innovate against emerging threats, we can't neglect the fundamentals. A modern identity security strategy must combine robust security hygiene with advanced tools for complete visibility into both human and machine identities."
He emphasised a balanced approach to security: "By focusing on a balanced approach—combining sound security practices with advanced tools—organisations can significantly enhance their resilience against potential breaches. Remember: attackers will always choose the path of least resistance. Don't make it easy for them."
Baber Amin, Chief Product Officer at Anetac, underscored the need to address threats to both human and non-human identities during the awareness month. "This Cybersecurity Awareness Month, organisations must address threats to both human and non-human identities. While many focus solely on human users, non-human identities pose equal—if not greater—risks," Amin stated.
Amin referenced research conducted with TechTarget's Enterprise Security Group, highlighting a significant issue: "Research conducted in partnership with TechTarget's Enterprise Security Group (ESG) shows that for every human user, there are 20 non-human identities, often with high-level privileges. These automated accounts are prime targets for attackers, yet their security is frequently overlooked."
"Back in June, TeamViewer suffered a cyberattack where bad actors could take control of an employee's account. Now imagine if the same bad actors compromised a non-human account. The response time might have been drastically reduced with the consequences of the breach significantly increasing," Amin explained.
He outlined steps enterprises should follow to minimise successful attacks: "To minimise the likelihood of a successful attack, enterprises should follow these steps: Adopt modern identity and access management tools that can monitor both human and non-human identities; Password security: implement robust cyber hygiene policies, regular password rotation every 90 days for both human and non-human accounts, and use secure password management software; Invest in smart cybersecurity tools that can improve visibility and management of all identities and the activity chains linked to those identities."
Amin concluded that by equally addressing human and non-human identities, organisations can significantly enhance their cybersecurity readiness in an automated and AI-driven environment.