Breaches of machine identities make up 9-13% of economic loss caused by cyber crime, with large companies losing even more, according to the findings of a unique research project.

Extreme event modelling firm AIR Worldwide and cyber protection specialist Venafi worked together to evaluate the cost of machine identity breaches, finding that 14-25% of cyber losses at companies with revenues above $US2 billion ($3.04 billion) were due to this issue.

Machine identities govern the confidentiality and integrity of information between systems. To assure their unique identities, machines use cryptographic keys and certificates, much like people employ usernames and passwords.

A joint report from the two US-based companies says digital transformation requires the authentication and privacy that machine identities provide, but “cybercriminals understand that breaking this link means hitting the jackpot”.

Forged keys and certificates can be used to break into encrypted areas where confidential communications and data protection are a necessity. Without the proper protection, organisations can’t guarantee the confidentiality of information.

Forged or stolen machine identities also allow an attacker’s computer to pretend to be legitimate and be trusted with sensitive data.

The report says keeping up with the volume and variety of machine identity changes requires organisations to manage a complex, rapidly changing set of machine identity data.

“Yet many businesses are relying on processes and techniques from over 20 years ago, which poorly protect machine identities.”

Venafi recommends businesses assess the scope of their exposure by working to understand all the machine identities in use and make informed decisions based on their location, ownership, behaviour and characteristics.

“Finally, automate the repair of all machine identity weaknesses or vulnerabilities discovered.”

Click here to see the full report.