68% of bots have access to sensitive data and assets, says CyberArk

Sumit Srivastava, Solutions Engineering Manager India, CyberArk

CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organisations trust CyberArk to help secure their most critical assets.

On World Password Day, Sumit Srivastava, Solutions Engineering Manager – India at CyberArk, said, “Humans aren’t the only target for attackers that seek to compromise credentials as their easiest pathway to an organisation’s critical data and assets. Humans remain a lucrative and relatively easy target; the average staff member has more than 30 digital identities, and over half have some kind of sensitive access. But software bots – little pieces of code that do repetitive tasks – exist in huge numbers in firms around the world and are also a prime target.”

He added, “Bots are a major component of digital business. They need information – and access – so they can do what they do. In fact, 68% of non-humans or bots have access to sensitive data and assets, according to the CyberArk 2022 Identity Security Threat Landscape report. And, given that the research also showed that machine identities now outweigh human identities by a factor of 45x on average and that their credentials are mostly not being properly protected, this is a cause for concern. Attackers specifically go after bots because they know that in many cases their passwords are not being rotated. They know also that bots are generally over-permissioned, have more access than they need, and are not monitored like human identities for any anomalies. A compromised bot allows an attacker to maintain access and stay there undetected. Even today, we still see bots that back up all servers or domain admin accounts. In some cases, these bots are still using default passwords. A compromise here becomes a ‘game over’ issue for the targeted organisation.”

Sumit further stated, “Hard-coded passwords and secrets scattered throughout the environment are among the practices that must be eradicated in favour of centralised, robust password management, for both humans and machines.”

Key elements offered by CyberArk include password vaulting, session monitoring, file integrity monitoring, secure remote access, and threat detection.
