The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, unveiled its 2023 Trends in Identity Security report, based on an online survey of over 500 identity and security professionals. This report provides a deep dive into the progress organizations are making in defending against the rapid increase in cyberattacks and the approaches large companies are taking toward security and identity.
Identity-related incidents continue to plague organizations with an alarming 90% reporting one in the last 12 months, a 6% increase from last year’s report. As identities continue to significantly grow, identity stakeholders are faced with an increasing number of barriers without the needed support from leadership. A staggering 49% report that their leadership teams understand identity and security risks and proactively invest in protection before suffering an incident, while 29% only engage and support after an incident.
CIO INFLUENCE: CSI Adds IT Governance to Advisory Services Offering as Cybersecurity, Regulatory Landscapes Grow in Complexity
“As cloud adoption, remote work, mobile device usage, and third-party relationships drive up the number of identities, more and more organizations are suffering from identity-related incidents,” said Jeff Reich, Executive Director, IDSA. “Protecting digital identities has never been more important in the fight against increasingly savvy cyberattacks. And while managing and securing identities continues to be called out as a top priority by organizations, meaningful shifts in proactive investment and leadership are necessary to reduce risk.”
Protecting digital identities has never been more crucial as cyberattacks rapidly increase in sophistication and volume. Organizations need to ensure only the right people have access to the right data, networks, and systems and that they use technologies effective at preventing malicious actors from gaining access to sensitive information. The research finds that as the number of identities increases, more businesses are suffering identity-related incidents and are prioritizing securing them as a critical priority. Securing these identities remains a significant challenge for most organizations and security outcomes are a work in progress.
Key Research Findings:
Number of barriers and a lack of proactive investment from leadership presents biggest challenge
- Top two barriers for security teams are identity frameworks being complicated by multiple vendors and different architectures (40%) and complex technology environments (39%)
- Respondents also identified insufficient budget (30%), a lack of expertise (29%), standards (26%), people (25%), and governance (23%) as barriers
- Only 49% of identity stakeholders said their leadership teams understand identity and security risks and proactively invest in protection prior to an incident
CIO INFLUENCE: SEEQC Unveils Italy’s First Quantum Computing System
Identity growth continues, making identity a top security priority
- 55% report that the adoption of more cloud applications is the main reason for an increase in the number of identities
- Other critical factors driving identity growth were identified as the rises in remote work (50%), mobile device usage (44%) and third- party relationships (41%)
- 86% of respondents say managing and securing identity is one of the top five priorities of their security program
2023 trends are impacting identity security
- 89% of businesses are somewhat or very concerned that new privacy regulations will impact identity security
- 98% of respondents report AI/ML will be beneficial in addressing identity-related challenges, with 63% stating the number one use case is identifying outlier behaviors
- Social media is a key concern for businesses, with 90% saying they were slightly or very worried about employees using corporate credentials for their social media accounts
Investments in security outcomes improving, but still a work in progress
- 96% of identity stakeholders said that security outcomes could have lessened the business impact of incidents
- 42% of respondents said implementing MFA for all users could have prevented or minimized the effect of incidents, followed by timely reviews of access to sensitive data (40%) and privileged access (34%)
- 97% reported that they are planning to further invest in security outcomes in the next 12 months
CIO INFLUENCE: HP Chooses RISE with SAP to Help Drive Digital Transformation, Optimization and Efficiency
[To share your insights with us, please write to sghosh@martechseries.com]
