The Identity Defined Security Alliance (IDSA) has released its “2024 Trends in Identity Security” report, providing an in-depth analysis of the current state and ongoing challenges of identity security. The report, compiled in collaboration with Dimensional Research, surveyed 521 IT security and identity professionals from large organizations across the United States. The findings highlight the increasing complexity of managing digital identities and the urgent need for robust security measures.
Rising Priority
Put in simple terms, identity security ensures that only authorized people can access certain resources, protecting digital identities from unauthorized use and breaches. The report reveals that securing digital identities has become a critical business focus. Some 22% of respondents identified it as their top priority, up from 17% in 2023. Over half (51%) of the surveyed professionals now see it as a top-three priority. This shift is largely driven by identity sprawl, where the number of digital identities within organizations grows unchecked. Managing this sprawl has become a major focus for 57% of respondents, correlating with increased cyber-attacks, particularly phishing and stolen credentials.
Impact of Identity-Related Incidents
Employee behavior significantly influences identity-related incidents, with many organizations concerned about using corporate credentials for social media. The report notes that 84% of identity stakeholders experienced business impacts from such incidents, a rise from 68% in 2023. The most notable impacts include distraction from core business activities (52%) and recovery costs from breaches. The frequency of invoking incident response plans has nearly doubled, indicating the severity and frequency of these incidents.
Ongoing Challenges
Security teams face numerous barriers in managing identity security. Complex technology environments and insufficient budgets are the top challenges, each cited by 38% of respondents. Additionally, a lack of skilled personnel remains a significant issue, with 34% of professionals highlighting this concern. To address these challenges, businesses are investing in timely access reviews and multi-factor authentication (MFA), which form the foundation for a zero-trust security model.
Insurance and Identity Security
The report indicates a steady investment in cyber insurance for identity-related incidents. Currently, 52% of businesses have already invested in cyber insurance, while 29% plan to do so. However, only 31% of respondents expect their cyber insurance to cover the full cost of breach remedies, highlighting a gap between insurance coverage and actual needs. This underscores the importance of proactive identity security measures to mitigate risks and reduce reliance on insurance claims.
Technological Advancements and Security Outcomes
The report emphasizes the role of emerging technologies in enhancing identity security. A significant majority of respondents (96%) believe that artificial intelligence (AI) and machine learning (ML) can benefit identity security, particularly in identifying outlier behaviors and evaluating the severity of alerts. Furthermore, there is strong support for passwordless and phishing-resistant MFA technologies, with over 80% of professionals endorsing these solutions.
Future Investments and Priorities
Looking ahead, 99% of businesses plan to increase their investment in security outcomes over the next 12 months. The top priorities include more timely reviews of privileged access and access to sensitive data, alongside continued investment in MFA for all users. Despite these efforts, many identity-related security outcomes remain a work in progress. Implementing MFA and the principle of least privilege are cited as critical measures that could have minimized the impact of past incidents.
Conclusion
The “2024 Trends in Identity Security” report by IDSA highlights the growing complexity and importance of managing digital identities. With identity sprawl and cyber-attacks on the rise, businesses must prioritize robust identity security measures. Investments in advanced technologies, comprehensive insurance strategies, and proactive security outcomes are essential to protect against the evolving threats in the digital landscape. For more information, visit the Identity Defined Security Alliance.
Source: 2023 TRENDS IN SECURING DIGITAL IDENTITIES.
Other News: Are Cyber Insurers and their Clients Putting Too Much Trust in MFA (Multifactor Authentication) to Stop Ransomware? (Opens in a new browser tab)