COMMENTARY: From ghouls and ghosts to vampires and zombies, the scariest figures on Halloween are usually not human. This year the cybersecurity monsters are in the machines: non-human identities (NHIs) have become the latest cyber terror.
NHI threats are real and, like a zombie apocalypse, they are everywhere. So be careful! Here are three frightening trends around NHIs that require priority action in 2025:
Attacks on NHIs are the most devastating to organizations
It's easy to laugh at zombies, but the threat that ever-present NHIs pose to corporate security is no laughing matter. IBM researchers found that non-human identity-based attacks are the second most common and devastating type of attack on organizations. Our research shows that there are on average 92 non-human identities for every human identity. Yet 91% of former employees' tokens remain active, leaving organizations exposed to potential breaches. Meanwhile, 40% of current, valid secrets are not used by any application workload, and 97% of NHIs are overprivileged, representing enormous and unnecessary risk exposure. Our researchers also found the oldest active secret on record: an NHI token more than 20 years old. To mitigate these risks, organizations should implement stronger controls and regular audits of NHI and secrets management practices, ensure rapid identity turnover and access revocation for former employees, reduce the overuse and duplication of secrets, and avoid exposing secrets in insecure environments.
Security teams must prioritize AI security
AI agents used to automate workflows, processes and even code generation invariably need their own sets of NHIs to do their jobs. What makes this worrying is that attacks against large language models (LLMs) take on average less than a minute and, when successful, disclose sensitive data 90% of the time, according to a Pillar Security study. The results, based on telemetry data and real-world attack examples from more than 2,000 AI applications, show that LLM jailbreaks bypass the model's guardrails in one in five attempts. The speed and ease of these exploits demonstrate that the risks posed by the growing attack surface of generative AI (GenAI) are real, and AI-powered applications and code are suddenly everywhere. As organizations rush to adopt AI for the benefits it brings, they must also recognize how it expands the attack surface and prioritize AI security, particularly in institutions such as national health authorities. Jailbreaking is the primary attack vector against LLMs, and the compromise of a single LLM can give an attacker access to potentially thousands of NHIs.
CISO budget requests require new approaches
Year after year, the specter of unfunded budget requests is a major concern for CISOs. PwC's Global Digital Trust Outlook 2025 survey sheds light on why this problem will persist. Fewer than half of CEOs say their CISOs are involved to a significant extent in strategic planning, board reporting and oversight of technology deployments, and only 15% of organizations measure the financial impact of cyber risks in a meaningful way, according to the study.
Given these realities, significant gaps between what security teams request and what they are granted will persist. Achieving cyber resilience at the enterprise level is critical, and to get there CISOs and their teams will need to find ways to do more with less.
Security teams can do this by developing best practices and automating processes. Take NHIs as an example. We advise our clients on ways to reduce resource and budget pressure in 2025 by prioritizing NHIs according to their level of access and the importance of the processes they support. It is now possible to automate the necessary processes of discovery, audits, access reviews and secret rotation, which previously took one or two weeks per NHI.
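The audit the column calls for in the first and third trends (discover every NHI, revoke credentials whose human owner has left, flag secrets no workload uses, right-size overprivileged ones, and rotate the oldest) can be expressed as a small policy check over an inventory. The Python below is an added example written for this page; it is not Entro Security's product or code, and the inventory records, the 90-day staleness and 365-day rotation thresholds, and the field names are all assumptions.

```python
"""Hypothetical NHI audit (example code, not Entro's implementation).

Runs a least-privilege and lifecycle policy over an inventory of machine
credentials and reports which ones are orphaned, stale, overprivileged or
overdue for rotation. All data below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class NHIRecord:
    name: str
    owner: str                    # human responsible for the credential
    owner_active: bool            # False once that person has left the org
    created: date                 # when the secret was issued
    last_used: Optional[date]     # None = never seen in use by any workload
    granted: FrozenSet[str]       # permissions attached to the credential
    used: FrozenSet[str]          # permissions actually exercised (audit logs)


# Policy thresholds: assumptions for this example, not values from the column.
STALE_AFTER = timedelta(days=90)   # unused this long -> candidate for revocation
MAX_AGE = timedelta(days=365)      # older than this -> must be rotated


def audit(records: List[NHIRecord], today: date) -> Dict[str, List[str]]:
    """Return {credential name: [issues]} for every record that fails policy."""
    findings: Dict[str, List[str]] = {}
    for r in records:
        issues: List[str] = []
        if not r.owner_active:
            issues.append("orphaned")         # former employee, token still live
        if r.last_used is None or today - r.last_used > STALE_AFTER:
            issues.append("stale")            # no workload depends on it
        if r.granted - r.used:
            issues.append("overprivileged")   # grants never exercised (wildcards
                                              # never match concrete usage)
        if today - r.created > MAX_AGE:
            issues.append("rotate")           # exceeds rotation policy
        if issues:
            findings[r.name] = issues
    return findings


def least_privilege_policy(record: NHIRecord) -> List[str]:
    """The permission set a right-sized replacement credential would keep."""
    return sorted(record.used)


def summarize(records: List[NHIRecord], today: date) -> Dict[str, int]:
    """Counts per finding type, the same shape as the statistics in the column."""
    findings = audit(records, today)
    summary = {"total": len(records), "flagged": len(findings)}
    for kind in ("orphaned", "stale", "overprivileged", "rotate"):
        summary[kind] = sum(kind in issues for issues in findings.values())
    return summary


# Constructed sample inventory; nothing here refers to a real system.
TODAY = date(2025, 1, 15)
SAMPLE = [
    NHIRecord("ci-deploy-token", "alice", True, date(2024, 11, 1), date(2025, 1, 14),
              frozenset({"repo:read", "deploy:write"}),
              frozenset({"repo:read", "deploy:write"})),
    NHIRecord("legacy-backup-key", "bob", False, date(2004, 6, 1), date(2025, 1, 10),
              frozenset({"s3:*"}),
              frozenset({"s3:GetObject", "s3:PutObject"})),
    NHIRecord("analytics-svc", "carol", True, date(2024, 3, 1), None,
              frozenset({"db:read"}), frozenset()),
    NHIRecord("old-api-key", "dave", True, date(2023, 1, 1), date(2024, 6, 1),
              frozenset({"api:read"}), frozenset({"api:read"})),
]


if __name__ == "__main__":
    for name, issues in audit(SAMPLE, TODAY).items():
        print(f"{name}: {', '.join(issues)}")
    print(summarize(SAMPLE, TODAY))
```

The check deliberately treats a wildcard grant such as `s3:*` as overprivileged whenever observed usage is a list of concrete actions, since that is exactly the case a manual review tends to wave through; the `least_privilege_policy` output for such a record is the scoped policy to issue in its place before the old secret is rotated out.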
As in most Halloween stories, these non-human monsters can be defeated. Faced with current budget constraints, CISOs will need to work harder to find ways like these to improve efficiency and automate processes. The organizations that rise to the challenge will prevail.
For those who don’t respond: scary times lie ahead.
Itzik Alvas, co-founder and CEO, Entro Security
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity experts. Each contribution aims to provide a unique voice on important cybersecurity topics. The content strives to be of the highest quality, objective and non-commercial.