A survey by Dimensional Research has found that 84% of firms suffered an identity-related breach in the last twelve months.
The survey was sponsored by the Identity Defined Security Alliance (IDSA). Its executive director, Julie Smith, commented that the results of the survey are unsurprising when we consider the sheer number of digital identities modern organisations must manage.
"The number and complexity of identities organisations are having to manage and secure is increasing," she commented, citing expanding cloud usage, more third-party partners, and increasing machine identities as some of the factors.
She went on to say:
"Whenever there is an increase in identities, there is a corresponding heightened risk of identity-related breaches due to them not being properly managed and secured, and with the attack surfaces also growing exponentially, these breaches can occur on multiple fronts."
With the survey highlighting that 98% of organisations are experiencing rapid growth in the number of identities that have to be managed, we see a situation in which many are facing heightened risk.
When it comes to how organisations can respond to this risk, many appear to be on the right track according to the 2022 report 'Trends in Securing Digital Identities'.
This report revealed that, when it comes to security, organisations overwhelmingly focus on the identities of employees, with 58% of organisations believing them to have the biggest impact and 70% considering them the likeliest to be breached.
To reduce the impact and risk of data breaches, wherever they come from, the IDSA highlights identity-related security outcomes.
"Centered on enabling effective identity governance, access, and behavioural detection, the security outcomes add a layer of protection around IT environments," the report states. "It is here that multi-factor authentication as a mitigation strategy jumped to the top of the list in preventing breaches."
The standout revelation of the report was that 96% of respondents believed that implementing security controls like multi-factor authentication could have prevented or minimised a breach.
This report indicates the high degree to which MFA reduces identity-related breaches. The top three countermeasures identified by respondents in the survey as potentially blunting the impact of breaches included:
2. More timely review of privileged access
3. Continuous discovery and monitoring of privileged access rights
These countermeasures, however, are not effective on their own. They must be supported by a security-first mindset at all levels of the organisation.
The report found that companies where executives are focused on identity security are significantly less likely to face a breach, and that companies where top-level business executives promote healthy password behaviours are likelier to have employees that are more careful with work-related credentials.
As with any effective process, security countermeasures only work if everyone follows them. If lower-level employees look up and see management treating security like an afterthought, they are likely to follow in their footsteps.
Security must be embraced by management and new hires alike, as a strategic element of company culture.
This is what we call having a security-first mindset, and considering that most security challenges are rooted in behaviour, not process, it's essential that every organisation strives to develop one.