84 percent of organizations suffer identity-related breaches
According to a new report 84 percent of respondents say their organization has experienced an identity-related breach in the last year, with 78 percent citing a direct business impact as a result.
The report, from the Identity Defined Security Alliance (IDSA), finds that 98 percent of respondents report that the number of identities is increasing, primarily driven by cloud adoption, third-party relationships and machine identities.
In addition 94 percent say identity investments are part of strategic initiatives including cloud adoption (62 percent), zero trust implementation (51 percent) and digital transformation initiatives (42 percent). 64 percent of respondents say managing and securing identity is one of the top three priorities of their security program.
"Managing identities is becoming more and more complicated for organizations. Identities are growing in numbers and types, with the continuation of remote work, the increase in contractors and third-party relationships and the explosion of machine identities," says Julie Smith, executive director of the IDSA. "This has led to an increase in identity-related breaches, creating business impacts to today’s enterprises. Although identity defined security investments are still a work in progress, companies are making headway. More organizations are not only making identity a priority, but investing in identity-focused outcomes. And it’s not just technology investments, executive support is making a meaningful difference in the way employees protect their corporate credentials, decreasing business risks and improving the overall security posture of their organization."
While identity-related attacks are rising and do have an impact, 96 percent report that they could have prevented or minimized the breach by implementing identity-focused security outcomes.
Although 51 percent typically remove access for a former employee within a day, only 26 percent always do so. Also 43 percent believe that implementing multi factor authentication would have made a difference in preventing breaches.
You can get the full report from the IDSA site.