Announcement

2024 State of Secrets Report

by Brian Hutchins, August 6, 2024

With the rise of collaboration apps like Slack, GitHub, and ChatGPT, it’s easy for employees and customers alike to share secrets in messages, files, repos, and other places where they shouldn’t be shared. Though this so-called “secret sprawl” may seem trivial at first, all it takes is one misplaced password or API key for a threat actor to escalate their privileges and access your organization’s crown jewels: your data.

How can secret sprawl impact an organization?

According to IBM, compromised secrets are the leading attack vector for breaches in 2024, with involvement in 16% of breaches. In the past year, we’ve seen several breaches where secret sprawl played a part, from Okta to Sisense to Disney (allegedly) and beyond. These breaches highlight just how pervasive secret sprawl can be, especially at the enterprise scale. However, the consequences of secret sprawl are the same for any organization, no matter their size. These consequences might include:

  • Data breaches that are more costly and difficult to contain. As of 2024, the average data breach can set an organization back $4.88 million or more. 
  • Noncompliance with leading regulations like SOC 2, PCI-DSS, ISO 27001, HIPAA, and others, which is often accompanied by further legal and financial repercussions. 
  • Longstanding reputational damage caused by the loss of customer and stakeholder trust.

At Nightfall, we’ve analyzed hundreds of terabytes of data to uncover over 170,000 secrets in the last year alone, all of which are spread across popular SaaS and GenAI apps. Read on to learn what kinds of secrets we found, where we found them, and what your organization can do to defend itself. 

What kinds of secrets did we find?

In the past 12 months, Nightfall discovered over 171,000 secrets sprawled across SaaS and GenAI apps, including passwords, API keys, database connection strings, and cryptographic keys. 

Passwords take the cake by comprising over half (59%) of detected secrets, with API keys following closely behind (39%). To give organizations a more scalable metric, this shakes out to roughly 8 passwords and 7 API keys detected per 100 employees per week. At an enterprise level, this could amount to thousands of secrets sprawled per year. 

While we saw that passwords and API keys had slight variations in where they were sprawled, GitHub is the most likely place to find either of these categories of secrets, with 339 secrets shared per 100 employees per year. Confluence and Zendesk boast a high volume of secrets shared as well, all with over 100 secrets per 100 employees per year. 

Passwords

As mentioned above, passwords comprise about 59% of sprawled secrets. This amounts to 8 passwords discovered per 100 employees per week, typically in GitHub (54%), Confluence (23%), Zendesk (15%), and Slack (8%). 

API keys

API keys comprised 39% of sprawled secrets, which comes out to about 7 API keys discovered per 100 employees per week.

However, there’s a critical distinction we must make for API keys: whether they’re active or inactive. While inactive API keys can still be leveraged by threat actors, active API keys can deal far more damage in terms of privilege escalation. Nightfall uses automation to validate each detected API key with its vendor and determine whether it’s active. After doing so, the Nightfall team discovered that a whopping 35% of all detected API keys were, in fact, active.

Naturally, if a threat actor stumbled onto one of these active keys, they might be able to access business-critical data stored in AWS, Confluence, GitHub, Okta, PayPal, Slack, Stripe, Twilio, and more. API keys for these vendors were found primarily in GitHub (71%), Slack (6.6%), Google Drive (6.6%), and Jira (6.6%), among other apps.


What can organizations do to stop secret sprawl? 

With the above findings in mind, here are Nightfall’s recommendations for containing secret sprawl and mitigating the risk of data breaches. 

  1. Scan for sprawled secrets: Conduct both historical and real-time scans to maintain visibility into where secrets are shared across SaaS and GenAI apps, as well as email and endpoints.
  2. Automate remediation: Configure real-time notifications and automated workflows to immediately handle secrets through actions like deletion, redaction, rotation, or encryption.
  3. Rotate API keys: Rotate API keys regularly and create a clear process for updating and distributing new keys.
  4. Keep it all encrypted: Share secrets securely using password managers or end-to-end encryption solutions.
  5. Coach employees: Implement real-time notifications to maintain year-round awareness of security policies and best practices.
  6. Build a “Human Firewall”: Empower employees to address their own policy violations so security teams can concentrate on building a stronger security culture.
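Recommendations 1 and 2 above (scan for sprawled secrets, then remediate automatically) can be illustrated with a small detector-and-redaction routine. The following is an added example written for this page, not Nightfall's product code: the three regex detectors, the sample messages, and the app names attached to them are all constructed for illustration (the AWS key is AWS's own documented placeholder, and the connection string and password are made up). The normalization helper at the end reproduces the report's "per 100 employees per week" metric from raw counts.

```python
import re
from dataclasses import dataclass

# Constructed sample messages tagged with the (hypothetical) app they were found in.
# None of these values are real credentials.
SAMPLE_MESSAGES = [
    ("slack", "hey can you try with AKIAIOSFODNN7EXAMPLE and let me know"),
    ("github", 'DB_URL = "postgres://app:Sup3rS3cret@db.internal:5432/prod"'),
    ("confluence", "Staging admin password: Winter2024!"),
    ("zendesk", "Thanks for the help, the ticket is resolved."),
]

# Illustrative detectors (not Nightfall's): each regex exposes the value to
# redact in a named group called "secret".
PATTERNS = {
    # AWS access key IDs start with AKIA followed by 16 uppercase alphanumerics.
    "aws_access_key_id": re.compile(r"(?P<secret>\bAKIA[0-9A-Z]{16}\b)"),
    # scheme://user:password@host[:port][/path] with embedded credentials.
    "db_connection_string": re.compile(
        r"(?P<secret>\b[a-z]+://[^\s:/]+:[^\s@]+@[^\s/\"']+(?:/[^\s\"']*)?)", re.I
    ),
    # "password: value" / "pwd=value" style assignments in prose or config.
    "password_assignment": re.compile(
        r"\b(?:password|passwd|pwd)\b\s*[:=]\s*(?P<secret>\S+)", re.I
    ),
}


@dataclass(frozen=True)
class Finding:
    source: str    # app the message came from
    detector: str  # which pattern fired
    secret: str    # the matched secret value (kept only to drive redaction)


def scan(source: str, text: str) -> list:
    """Run every detector over one message and return its findings."""
    findings = []
    for name, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            findings.append(Finding(source, name, m.group("secret")))
    return findings


def redact(text: str, findings) -> str:
    """Replace each detected secret with a labelled marker.

    Longest secrets are replaced first so a short secret nested inside a
    longer one (e.g. a password inside a connection string) leaves no fragment.
    """
    for f in sorted(findings, key=lambda f: len(f.secret), reverse=True):
        text = text.replace(f.secret, "[REDACTED:" + f.detector + "]")
    return text


def scan_corpus(messages):
    """Scan (source, text) pairs.

    Returns (all findings, redacted messages, findings per source app).
    """
    all_findings, redacted, per_source = [], [], {}
    for source, text in messages:
        findings = scan(source, text)
        all_findings.extend(findings)
        redacted.append((source, redact(text, findings)))
        per_source[source] = per_source.get(source, 0) + len(findings)
    return all_findings, redacted, per_source


def secrets_per_100_employees_per_week(total_secrets, employees, weeks):
    """Normalize a raw count the way the report states its figures."""
    return total_secrets / employees * 100 / weeks


if __name__ == "__main__":
    findings, redacted, per_source = scan_corpus(SAMPLE_MESSAGES)
    for f in findings:
        print(f"{f.source:<11} {f.detector}")
    for source, text in redacted:
        print(f"{source:<11} {text}")
    print("findings per app:", per_source)
```

Real deployments would add many more detectors, validate hits against the vendor before deciding to rotate (the active/inactive distinction discussed above), and route findings into a workflow rather than printing them, but the scan, redact, and aggregate-by-app steps are the same.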

By following these recommendations, your organization can significantly reduce the risk of secret sprawl while maintaining a stronger security posture.

Ready to see how Nightfall can help safeguard your secrets? Download the full report or schedule a demo today to experience our cutting-edge data security solutions firsthand.
