In a recent webinar, it was revealed that in 2024, a staggering 68% of cloud breaches were attributed to compromised service accounts and overlooked API keys, rather than traditional threats such as phishing or weak passwords. The focus on unmanaged non-human identities—ranging from service accounts to API tokens—underscores a significant vulnerability in enterprise security. With estimates suggesting that there are 40 to 50 automated credentials for every employee, the challenge of tracking and securing these identities is increasingly pressing as projects conclude or personnel change.
For businesses, this highlights the urgent need for more robust identity and access management strategies. Organizations must prioritize the monitoring and governance of these ghost identities to mitigate potential risks to their sensitive data. By implementing stringent controls and regular audits of automated credentials, companies can significantly reduce their attack surface and enhance their overall cybersecurity posture. This is especially crucial as the rise of AI and cloud services continues to expand the landscape of potential vulnerabilities, making proactive identity management a critical component of any comprehensive cybersecurity strategy.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/04/webinar-find-and-eliminate-orphaned-non.html)*