Identity

As we approach the peak holiday shopping season a new survey of nearly 400 IT security decision-makers and retail customers from identity specialist HYPR shows that 58 percent of retail organizations experienced at least one authentication-related breach and 65 percent were victims of identity fraud over the last 12 months.

Retailers have suffered losses of up to $6.27 million in the last year alone due to insecure authentication methods. By contrast financial institutions reported only $4.57 million lost during the same period.

Nearly half of businesses admit they are only partially confident in their ability to detect deepfakes, leaving them vulnerable to escalating fraud risks according to a new report.

The report from identity solutions company Regula shows 59 percent of businesses consider video deepfakes a serious threat, while 58 percent feel the same about audio deepfakes.

Cyberattackers are targeting holidays and weekends to cause maximum disruption, yet many businesses remain underprepared outside of standard working hours.

A new report from Semperis, based on a survey of almost 1,000 cybersecurity professionals, shows that 86 percent of surveyed organizations in the US, UK, France and Germany that were attacked were targeted during a holiday or weekend.

Although it may not make the headlines as often as other forms of cybercrime, identity theft remains an issue.

Now NordVPN has launched an identity theft protection service called NordProtect. Currently available to NordVPN Prime plan users in the US, it merges years of cybersecurity expertise with cutting-edge technology to offer a solution users can trust.

Modernizing identity systems is proving difficult for organizations due to two key challenges, decades of accumulated identity and access management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs).

A new report from Strata Identity and the Cloud Security Alliance (CSA) finds incompatibility with non-standard, legacy applications is a barrier to deploying advanced application authentication for 71 percent of respondents, further highlighting the issue of technical debt with 54 percent of respondents citing it as their top hurdle when modernizing their IAM architecture.

Most cybersecurity incidents start with some sort of identity compromise, whether that identity is human or machine.

In order to help organizations gain visibility into their identity security posture Anetac is setting up a community to serve as a collaborative space where cybersecurity leaders, practitioners, and researchers can learn and engage with experts on identity vulnerabilities related to human and non-human identities.

Cost reduction is a top priority for many organizations, leading to the adoption of various technologies to automate tasks and improve efficiencies for cost savings. However, minimizing risk should also be a key objective for every business.

To achieve this, companies are looking into Identity Governance and Administration (IGA), which is a policy framework and security solution for automating the creation, management, and certification of user accounts, roles, and access rights. This ensures consistency, efficiency, and improved awareness, all of which are essential for reducing security risks. However, implementing IGA can often be seen as a laborious task that gets abandoned before the business experiences the benefits it has to offer.

In today’s cybersecurity landscape, identity has emerged as the prime target for threat actors, with compromised credentials involved in 49 percent of breaches. Attackers exploit misconfigurations, use generative AI for social engineering, and purchase stolen credentials, highlighting the need for robust identity security. While Identity and Access Management (IAM) has been crucial, evolving threats demand a more proactive and multifaceted approach that integrates threat intelligence tools and processes to protect identity systems effectively.

Implementing a robust Identity Threat Detection and Response (ITDR) strategy may be the solution. ITDR merges continuous monitoring and response with proactive measures, ensuring a resilient and adaptable security posture. A robust ITDR strategy not only prevents and detects threats but also investigates and coordinates responses to restore integrity after identity infractions.

In an age where cyber threats are becoming increasingly sophisticated, the management and verification of digital identities are at a critical juncture. As various sectors rapidly evolve, decentralized identity (DCI) systems emerge as a revolutionary approach to managing and verifying user identities. These autonomous systems promise to change how we access and use online services. However, many organizations need help with adopting this promising technology.

A recent survey by Ping Identity, which included responses from 700 IT decision-makers worldwide, highlights these challenges. In the UK, 82 percent of IT decision-makers see value in decentralized identities for their customers and employees, yet only about a third (34.5 percent) currently offer this option. A significant reason for this gap is the need for more clarity about the benefits, with 31 percent of respondents unsure what advantages decentralized IDs would bring.

Active Directory (AD) was introduced in the late 90's when corporate networking barely had virtualization and remote work, not to mention cloud services.

AD controls authentication and authorization to most of an organization's on-premises applications and data, and through synchronization and federation with Entra ID, Okta or other cloud identity provider (IDP) provides these same controls to cloud applications and resources.

A new study from the Identity Defined Security Alliance (IDSA) finds that 90 percent of organizations experienced an identity-related incident in the past year and 84 percent suffered a direct business impact as a result.

The survey of over 520 identity and security professionals from organizations with over 1,000 employees finds the most significant impact, seeing a measurable rise this year, is distracting from core business (52 percent).

According to a new survey, 77 percent of organizations have suffered from instances of cyberattacks or data breaches in the past 12 months due to improper access or over-privileged users.

The study from ConductorOne, based on a survey of 523 US-based IT security leaders at companies with 250 to 10,000 employees, also finds 41 percent of respondents say there had been multiple instances of cyberattacks or data breaches due to the same improper access issues.

Today, almost every organization and most individuals are using or experimenting with Artificial Intelligence (AI). There are plenty of examples of how it is changing businesses for the better, from marketing and HR to IT teams. What was once computationally impossible, or prohibitively expensive to do, is now within reach with the use of AI.

According to Gartner, approximately 80 percent of enterprises will have used generative AI (GenAI) APIs or models by 2026. As AI drives value for organizations, it is fueling further demand and adoption.

The average organization has roughly 1,400 permissions for every employee, according to a new report from Veza.

The findings also show that identity teams face a daunting number of groups and roles to manage. With organizations averaging nearly 700 groups for every 1,000 users, it is difficult for admins to choose the least-privilege groups and roles that will meet the needs of any given employee, contractor, or service account.

As we move away from passwords to other forms of authentication, there's increasing reliance being placed on technologies like biometrics.

But there's growing evidence that this technology could be flawed, with facial recognition exhibiting higher error rates for those with darker skin for example. We spoke to Dr. Mohamed Lazzouni, CTO of Aware, to discuss the ethical issue of bias in biometrics and what needs to be done to prevent it.