Misconfigured identity and access management (IAM) is opening the door to malicious actors that are targeting cloud infrastructure and credentials in attacks, according to new Unit 42 research.

Unit 42’s Cloud Threat Report: IAM The First Line of Defense found that cybercriminals often target identity and access management (IAM) due to several reasons:

• Password reuse: 44% of organizations allow IAM password reuse.
• Weak passwords (<14 characters): 53% of cloud accounts allow weak password usage.
• Cloud identities are too permissive: 99% of cloud users, roles, services, and resources were granted excessive permissions which were ultimately left unused (we consider permissions excessive when they go unused for 60 days or more).

Read more at www.securitymagazine.com – 8 best practices to harden identity and access management permissions