Articles about Identity

Recent years have seen endless stories of human identity being exploited heavily in attacks. The malicious actors behind these attacks have compromised human identities (usernames, passwords and 2 factor authentication) to steal valuable data from countless companies and individuals. The COVID-19 pandemic and the shift to remote work dramatically increased the risks connected with human identities as people accessed corporate networks from many new locations and devices.

But while security departments have increased their investments in protecting human identities, many are still neglecting the risks connected with machine identities. Machines of all types including hardware, software and containers all need unique identities in order to connect and communicate securely, yet most businesses have very limited security controls in place to protect them. 

Continue reading →

Identity fraud is on the rise, with cybercriminals employing increasingly sophisticated techniques including realistic 2D/3D masks and deploying display attacks (e.g. showing a picture of a person on a screen) to try to spoof biometric verification systems.

Identity verification specialist Onfido is launching a new 'biometric liveness solution' called Motion which is aimed at increasing verification speed and ensuring that it’s seeing a real person.

Continue reading →

Identity data is frequently stored by organizations using a variety of sources, formats, and protocols, sometimes making it impossible to access essential identity information needed for security and business decisions. Without precise identity data, systems cannot decide what users should and should not be able to access which resources. Even worse, to make life easier for the admins, sometimes the default is overextending access and over-privileging accounts. This raises the possibility of a successful breach, as well as the possibility that it will go unnoticed for a longer period of time.

The number of identities linked to companies has also been increasing exponentially -- a recent study by Gartner Peer Insights  found that 60 percent of organizations have more than 21 identities per user.

Continue reading →

A new study reveals that identity sprawl is a major problem for organizations, with 60 percent reporting as many as 21 separate identities per user.

The report from Radiant Logic and Gartner Peer Insights looks at the rapid growth of enterprise identity silos, and the explosion of user information, attributes, and credentials that accompanies it.

Continue reading →

At this point in the history of cybersecurity, the concept of a network perimeter seems almost quaint. The perimeter was like a moat or castle wall designed to keep the bad guys out. But the days of employees and all their digital tools residing within an isolated secure area are long gone.

Today, the walls have crumbled, and the moat has dried up. Now we live in a world where people can and do work from anywhere. And they need access to resources that may be located on premises, in the cloud, or even in multiple clouds. The dramatic changes in how people work mean you can’t use location to determine who can and can’t be trusted. Today’s new demands require a new security model. And that model has a name, zero trust.

Continue reading →

The introduction of the cloud has brought a lot of change to the world. A big one for enterprises is that it’s no longer a necessity to guard data on-premises. Most organizations today rely on a hybrid approach to hosting their applications, with an average of three or more different clouds driving various applications in their infrastructures.

While the cloud has delivered plenty of benefits to these businesses and transformed the way they think about data and security, they’re not all properly managing and securing applications across the enterprise.

Continue reading →

According to a new report 84 percent of respondents say their organization has experienced an identity-related breach in the last year, with 78 percent citing a direct business impact as a result.

The report, from the Identity Defined Security Alliance (IDSA), finds that 98 percent of respondents report that the number of identities is increasing, primarily driven by cloud adoption, third-party relationships and machine identities.

Continue reading →

The Fast Identity Online (FIDO) Alliance -- a group of technology companies including Apple, Google and Microsoft -- recently announced its commitment to supporting passwordless authentication across its products. FIDO’s plans have been in place for nearly a decade and work started long ago on a system that lets users log in to their online accounts without a password but instead with a PIN, biometric, iris scan or with voice recognition.

FIDO’s approach is expected to be implemented across Apple, Google and Microsoft platforms later this year and FIDO believes this will provide better protection over legacy multi-factor authentication and better protection against malicious phishing attacks.

Continue reading →

Only 16 percent of respondents to a new survey have a fully mature identity and access management (IAM) strategy in place, yet 56 percent have experienced identity-related incidents in the last three years.

The study carried out by the Ponemon Institute for enterprise identity specialist Saviynt shows that the 84 percent without a mature strategy are currently dealing with inadequate budgets, programs stuck in a planning phase, and a lack of senior-level awareness.

Continue reading →

Ransomware, software supply chain attacks, data breaches, and more have become an almost daily occurrence in an increasingly challenging threat landscape.

Automated threat detection company Blumira has released a new report based on its security detections which reveals that identity-based attacks and living off the land behaviors were the top threats organizations faced in 2021.

Continue reading →

Providing a digital identity to create an online account or complete a transaction is becoming more commonplace globally and consumers are now expecting this as part of their engagement with a business.

Research carried out by Opinium for Jumio surveyed 8,000 adult consumers split evenly across the UK, US, Singapore and Mexico. It finds that 57 percent now say they have to use their digital identity 'constantly' or 'often' to access their online accounts.

Continue reading →

First held in 2021, Identity Management Day seeks to inform about the dangers of casually or improperly managing and securing digital identities by raising awareness and sharing best practices across the industry.

Today's second celebration of all things identity management -- you may have noticed the Identity Management Day eggs and bunnies in the shops (oh, they're for something else?) -- has sparked comment from many industry figures and we round up some of their thoughts below.

Continue reading →

Identity is a battleground upon which all organizations must now fight. Responding to this growing threat is non-optional because identity is at the heart of the processes and technologies that power the new world of remote and hybrid working.

The "human element" is involved in 85 percent of breaches, with credential data theft and misuse now factoring into 61 percent of incidents, the Verizon Data Breach Investigations Report 2021 reported last year. Attackers know this, so they are constantly searching for ways of accessing valid credentials which they can use to gain access to the network and then move undetected in search of new targets.

Continue reading →