Fast-growing employee identities, third-party partners and machine nodes are causing companies to scramble to secure credentials, software secrets and cloud identities, according to researchers.
In a survey of IT and identity professionals released Wednesday by Dimensional Research, almost all organizations – 98% – are experiencing rapid growth in the number of identities they must manage, driven by expanding cloud use, more third-party partners, and machine identities. Companies are also experiencing more breaches as a result, with 84% having suffered an identity-related breach within the last 12 months, compared to 79% in a previous survey covering two years.
The rising incidence of breaches is not surprising, said Julie Smith, executive director of the Identity Defined Security Alliance (IDSA), which sponsored the study.
“The number and complexity of identities that organizations need to manage and secure is increasing,” she says. “When there is an increase in identities, there is a correspondingly increased risk of identity-related breaches due to them not being properly managed and secured, and with attack surfaces also growing exponentially, these breaches can occur on multiple fronts.”
For the most part, organizations focus on employee identities, which 70% consider the most likely to be breached and 58% believe have the greatest impact, according to the 2022 report “Trends in Securing Digital Identities,” which is based on the survey. Nevertheless, third-party partners and business customers are also significant sources of risk, with 35% and 25% of respondents, respectively, considering them a significant source of breaches.
IDSA recommends that companies focus on identity-related security findings that reduce the risk and impact of data breaches. Almost all respondents (96%) believe that implementing security checks focused on identities, such as multifactor authentication (MFA), could have prevented or minimized a breach.
“With a focus on enabling effective identity management, access and behavior detection, security results add a layer of protection around IT environments,” the report said. “This is where multifactor authentication as a mitigation strategy jumped to the top of the list to prevent breaches.”
MFA reduces identity-related breaches
The top three countermeasures that respondents identified as potentially dulling the impact of breaches were MFA, more timely review of privileged access, and ongoing detection and monitoring of privileged access rights, according to the study. These three security checks are also likely to get the most investment in the coming year, says IDSA’s Smith.
“We would not necessarily expect the countermeasures and planning to match 100%, as it would indicate that organizations are chasing their tails and only focus on the last breach when there is a need for forward-looking strategy and vision of the next potential breach,” she says.
Machine identities – such as system credentials, software secrets, and Internet of Things (IoT) passwords – are, according to the report, the key factors driving the increase in identities in 43% of organizations. Despite this, only 18% of companies consider machine identities to be a significant source of breaches.
“Both human and machine identities are vulnerable without the right mitigation and security tactics in place,” Smith said. “Given that machine identities have the potential to expand much faster than human identities, if a machine identity is not properly secured, managing the network of machine identities can quickly pose a major risk.”
Meanwhile, the growing number of cloud workloads means that the credentials that allow software to use APIs and communicate with other software are a growing attack surface, said Alex Simons, corporate vice president of program management for Microsoft’s Identity division, in March.
Companies that have executives focused on identity security are more likely to reduce the risk of breaches, according to the IDSA report. While only 30% of respondents consider password security training to be a very effective strategy, companies with top-level business leaders who support password security are much more likely to be careful about work-related credentials than companies that rely on security teams as the primary evangelist.
“If we’re talking about implementing and implementing meaningful security results, we need to increase engagement beyond IT or security teams,” says IDSA’s Smith. “This simply shows that when management embraces security as part of communications, the general trend is that security becomes a strategic part of the company’s culture.”