Diving overview:
- Companies that use AI tools extensively have a significantly higher incidence of data breaches than those that don’t: 43% versus 11% over the past 12 months. Nettrix stated in the report: Published on Wednesday.
- AI tools such as agents will significantly increase an organization’s “identity footprint,” Nettrix said, creating more gaps for hackers to exploit.
- At the same time, Netwrix found that the companies that use AI the most are also the companies that use it the most. identity management most seriously.
Dive Insight:
Netwrix’s report highlights the security risks of the sprawling web of user accounts and other identities that businesses must create to use agents, co-pilots, and other AI tools.
“AI agents are now acting on sensitive data on behalf of humans,” the Netrix researchers wrote. “Non-human identities require the same rigorous practices that have long been applied to privileged human access.”
However, the report found that many companies are not taking identity management seriously. According to the researchers, about three-quarters lack a “single, unified view of sensitive data and the individuals who have access to that data.” More than half of organizations lack up-to-date databases of sensitive data, 71% can’t quickly determine which identities can access what data, and 70% don’t have a security strategy that connects data protection and identity governance.
Identity management is not a new challenge for businesses, but AI is making it even bigger. Companies aren’t always keeping up. Three-quarters of organizations don’t fully monitor what AI IDs are doing in their systems, but 41% say they do. Allow AI agents to access sensitive data and perform important tasks.
Netwrix’s report highlights how hackers used weaknesses in identity security as entry points into target networks. Three-quarters of incidents in which hackers access sensitive data involve compromised identities or misconfigured account privileges. However, despite widespread corporate awareness of this threat, most companies do not mitigate it.
According to the report, 76% of organizations are unable to quickly revoke data access for inactive accounts, and 72% say accounts have too many privileges or are unsure what privileges are granted to them. Even more concerning, nearly two-thirds of organizations said they believe at least some accounts are accessing sensitive data unnecessarily. Only a quarter of businesses say they are fully confident in their ability to detect potentially dangerous account permissions.
The report also includes data on enterprise readiness to manage AI systems and the frequency of unauthorized identity access incidents across different organization size segments, based on a global survey of 2,317 security professionals from 1,889 organizations across 60 industries.
