World Password Day 2022- "Bots are a major component of digital business", Sumit Srivastava, CyberArk
Sumit Srivastava
On this World Password Day, commit once again to making itharder for cybercriminals to access your valuable sensitive data by strengtheningyour password security. As outlined below, it isn't hard to craft securepasswords and keep them safe from attackers – it just needs a little due caution.
If you are concerned about your data security and passwords,we bring to you the expert advice from Sumit Srivastava, Solutions EngineeringManager – India at CyberArk.
CyberArkis the global leader in Identity Security.Centredon privileged access management, CyberArk provides the most comprehensive securityoffering for any identity – human or machine – across businessapplications, distributed workforces, hybrid cloud workloads and throughout theDevOps lifecycle. The world's leading organizations trust CyberArk to helpsecure their most critical assets.
Sumit Srivastava
Sumit Srivastava, SolutionsEngineering Manager – India at CyberArk "Humans aren't the only target forattackers that seek to compromise credentials as their easiest pathway to anorganization's critical data and assets. Humans remain a lucrative andrelatively easy target; the average staff member has more than 30 digitalidentities, and over half have some kind of sensitive access. But software bots– little pieces of code that do repetitive tasks – exist in huge numbers infirms around the world and are also a prime target.
Bots are amajor component of digital business. They need information - and access - sothey can do what they do. In fact, 68% of non-humans or bots have access tosensitive data and assets, according to the CyberArk 2022 Identity SecurityThreat Landscape report. And, given that the research also showed that machineidentities now outweigh human identities by a factor of 45x on average andthat their credentials are mostly not being properly protected, this is a causefor concern.
Attackersspecifically go after bots because they know that in many cases their passwordsare not being rotated. They know also that bots are generallyover-permissioned, have more access than they need, and are not monitoredlike human identities for any anomalies. A compromised bot allows an attackerto maintain access and stay there undetected. Even today, we still see botsthat backup all servers or domain admin accounts. In some cases, these bots arestill using default passwords. A compromise here becomes a 'game over' issuefor the targeted organization.
Hard-codedpasswords and secrets scattered throughout the environment are among thepractices that must be eradicated in favour of centralized, robust passwordmanagement, for both humans and machines."