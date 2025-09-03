Enterprises left dangerously exposed by identity protection ‘maturity myth’

No Comments
Glowing security padlock

New research from Osterman and Silverfort reveals that although nearly 70 percent of organizations believe their identity defenses are ‘mature’ there is a worrying gap between perception and reality.

This comes against a rising tide of identity threats, 72.1 percent of identity leaders report that the threat level of identity-related attacks has increased or remained unchanged in the past year. The most significant jumps include AI-powered attacks, ransomware-based attacks, and social engineering of desk staff to reset credentials or MFA factors (up 14.3 percent).

Nearly every organization surveyed (93.7 percent) is concerned about account takeover due to compromised credentials in the next two years. What’s more one in 10 Fortune 500 employees have had their credentials exposed in the last three years, posing a significant risk for account takeover. Adversaries have also become more interested in stealing and abusing compromised credentials,

The report shows that four out of five identity leaders don’t have full visibility into three critical risks: service accounts behaving in unexpected ways, authentication session tokens being used in abnormal locations, and compromised employee credentials for sale on the dark web.

Over three quarters of organizations have less than full and complete visibility into 14 different identity threats and security fundamentals. Lack of visibility into identity vulnerabilities is a critical shortcoming to address because identity-led attacks start with just one compromised identity-related asset, such as a credential for sale on a dark web forum.

For organizations using tools to detect compromised credentials on the dark web, 60 percent claim maturity, but only 22 percent can show evidence of it. For backup and recovery of identity platforms, 71 percent claim maturity, but only 41 percent have the evidence to back it up.

The report’s authors conclude, “IAM is a necessary but insufficient technology to protect identities as threat actors weaponize compromised identities and their protections to unleash havoc on organizations. All organizations need to revisit their security posture for identities, ensuring the right technologies are deployed, processes are brought to maturity, and elevated protections operationalized.”

You can read more on the Silverfort blog.

Image credit: Ruslan BatiukDreamstime.com

Tags: , , ,
No Comments
Got News? Contact Us

Recent Headlines

Enterprises left dangerously exposed by identity protection ‘maturity myth’

Windows 10 support costs could top $7 billion

Taking a holistic approach to human risk management

This stunning Apple Vision Pro concept brings Siri to life

Tycoon phishing kit uses sneaky new techniques to hide malicious links

You can now use AI backgrounds in WhatsApp video chats

Amazon is killing off Prime Invitee Program and replacing it with Amazon Family

Most Commented Stories

Extended Windows 10 support means ditching your local account for a Microsoft Account

25 Comments

This updated Windows 11 clone is Linux underneath and makes your old PC run faster -- get it now

15 Comments

Forget Windows 11, Windows 12.2 is the 'next evolution' of Microsoft's OS

15 Comments

Why using a VPN is becoming more important than ever

8 Comments

Microsoft slowly rolls out a button allowing Windows 10 users to refuse Windows 11

4 Comments

High Court rejects Wikipedia challenge to UK online safety rules

4 Comments

Age verification laws are killing web traffic

4 Comments

Microsoft says that it will make WinUI ‘truly’ open source

3 Comments

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

Regional iGaming Content

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.