Articles about Identity and access management

Identities are probably the biggest attack surface for organizations in today's world as employees rely more on systems and apps to do their jobs.

Mapping identity and access data from the large, disparate, and often disconnected, mix of on-premise and cloud systems that enterprises use is a major challenge.

Continue reading →

Non-human identities (NHIs) refer to things like API keys, service accounts, system accounts, OAuth tokens. You may not give them too much thought, but a new report from Silverfort looks at the impact they have on an organization's cybersecurity.

Active Directory service accounts -- used for machine-to-machine communication within Microsoft’s Active Directory's (AD) environments -- are the most common and regularly compromised NHIs.

Continue reading →

In today’s cybersecurity landscape, identity has emerged as the prime target for threat actors, with compromised credentials involved in 49 percent of breaches. Attackers exploit misconfigurations, use generative AI for social engineering, and purchase stolen credentials, highlighting the need for robust identity security. While Identity and Access Management (IAM) has been crucial, evolving threats demand a more proactive and multifaceted approach that integrates threat intelligence tools and processes to protect identity systems effectively.

Implementing a robust Identity Threat Detection and Response (ITDR) strategy may be the solution. ITDR merges continuous monitoring and response with proactive measures, ensuring a resilient and adaptable security posture. A robust ITDR strategy not only prevents and detects threats but also investigates and coordinates responses to restore integrity after identity infractions.

Continue reading →

Enterprises could be exposing themselves to by increasingly relying on single sign-on (SSO) according to a new report from Doyensec, in collaboration with Teleport.

Although sold by identity providers (IdPs) for their convenience and security, SSO solutions can amplify the impact of breaches. The research shows these impacts can be significantly mitigated once additional layers of security are placed between the IdP and the linked applications and services.

Continue reading →

Almost 87 percent of respondents to a new survey report an increase in online fraud in the year to April 2024. Just 1.19 percent of respondents saying they experience zero fraudulent IDV (identity and verification) attempts in a month.

The report from Veriff also finds that more than 86 percent of decision-makers say their customers are now more demanding of robust fraud prevention capabilities. This reflects the findings in Veriff's 2024 Fraud Index which found more than 75 percent of consumers consider a company's record on fraud prevention before signing up for a service.

Continue reading →

A new study reveals that 60 percent of security leaders in the UK cite account takeover attacks as one of the top four most concerning cyber threats.

The survey from Abnormal Security shows 75 percent of UK survey participants report that their organization has been impacted by an account takeover attack at least once over the past year.

Continue reading →

Leaked or stolen credentials remain a major cause of security breaches and reuse of passwords between accounts only compounds the problem.

Password manager company Dashlane is launching new automated tool to empower admins to proactively create a more security-conscious workforce and drive better credential security behavior across their organization, reducing the risk of credential theft.

Continue reading →

A new study from the Identity Defined Security Alliance (IDSA) finds that 90 percent of organizations experienced an identity-related incident in the past year and 84 percent suffered a direct business impact as a result.

The survey of over 520 identity and security professionals from organizations with over 1,000 employees finds the most significant impact, seeing a measurable rise this year, is distracting from core business (52 percent).

Continue reading →

According to a new survey, 77 percent of organizations have suffered from instances of cyberattacks or data breaches in the past 12 months due to improper access or over-privileged users.

The study from ConductorOne, based on a survey of 523 US-based IT security leaders at companies with 250 to 10,000 employees, also finds 41 percent of respondents say there had been multiple instances of cyberattacks or data breaches due to the same improper access issues.

Continue reading →

Yesterday's coverage of World Password Day sparked some discussion among the BetaNews team about passkeys and how they work.

We figured that if we're confused about them then some of you probably are too, so here's a FAQ look at passkeys, how they work and why you should consider using them.

Continue reading →

The average organization has roughly 1,400 permissions for every employee, according to a new report from Veza.

The findings also show that identity teams face a daunting number of groups and roles to manage. With organizations averaging nearly 700 groups for every 1,000 users, it is difficult for admins to choose the least-privilege groups and roles that will meet the needs of any given employee, contractor, or service account.

Continue reading →

A new report from cloud security company Sysdig reveals that many businesses are indulging in the dangerous practice of putting convenience before preventive security in pursuit of faster application development.

"Attackers are leveraging automation to exploit every point of weakness they can uncover," says Crystal Morin, cybersecurity strategist at Sysdig. "This year's report shows that many companies are chasing faster innovation at the cost of more comprehensive security -- a gamble that poses real business risks."

Continue reading →

Most successful cyberattacks rely on compromised identity or social engineering. Yet this can be a major blindspot for enterprises with basic awareness of the problem lacking and a growing number of personal devices used for work.

We spoke to Jim Taylor, chief product officer of identity platform RSA, -- which recently published a report on the issue -- to learn more about the problem and how it can be addressed.

Continue reading →

Despite moves towards other means of authentication passwords are still widely used, making protecting digital identities a problem.

But identity affects other areas too, such as being able to verify content and devices, things which are likely to come more more into focus as we approach significant elections in the US and UK. Here are some expert views on the identity landscape for 2024.

Continue reading →

When we want to secure something highly valuable, say, a bag of ancient Spanish coins worth millions, we think of locking it behind as many layers as possible. For example, you might put it in a safe deposit box in a bank vault, nestled safely inside the institution that is itself blanketed with redundant physical security controls.

As organizations have become increasingly complex, so too have their associated layers of security around application access. Enterprises have tremendous amounts of applications and data, as well as users and devices with differing levels of permissions trying to access that data. To provide a consistent, IT-vetted method of creating, managing, storing, and authenticating the complexity of application access, we have arrived at Identity Provider (IdP) tools. IdPs are (typically) cloud-hosted services that store unique information used to identify users, organizations, and devices ("digital identities"), authenticate access requests, add/remove users, and provide security around these functions. Popular examples of solutions often used for IdP functionality include Okta, Microsoft Azure AD, and Duo.

Continue reading →