As attacks plague enterprises with significant business impacts, the Identity Defined Security Alliance provides insights to help reduce risk
DENVER, June 22, 2022 — The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, today unveiled its 2022 Trends in Securing Digital Identities report, based on an online survey of over 500 identity and security professionals. As identity-related breaches continue to be a massive threat, this report examines the progress organizations are making in defending against these attacks and the internal factors that are both enabling and interfering.
Managing identities accessing enterprise resources has become significantly more complicated over the last several years. Between the increasing number of identities, the challenges posed by phishing attacks, and the continued growth of cloud adoption, enterprises are under tremendous pressure to ensure that remote workers, contractors, and employees are accessing network resources securely and successfully.
An alarming 84% of respondents said their organization has experienced an identity-related breach in the last year, with 78% citing a direct business impact as a result. Organizations are responding by prioritizing identity in their security programs and making identity investments a part of strategic initiatives, such as cloud adoption, Zero Trust and digital transformation.
“Managing identities is becoming more and more complicated for organizations. Identities are growing in numbers and types, with the continuation of remote work, the increase in contractors and third-party relationships and the explosion of machine identities. ,” said Julie Smith, executive director of the IDSA. “This has led to an increase in identity-related breaches, creating business impacts to today’s enterprises. Although identity defined security investments are still a work in progress, companies are making headway. More organizations are not only making identity a priority, but investing in identity-focused outcomes. And it’s not just technology investments, executive support is making a meaningful difference in the way employees protect their corporate credentials, decreasing business risks and improving the overall security posture of their organization.”
Key Research Findings:
Identity growth continues, making identity a top security priority
- 98% reported that the number of identities is increasing, primarily driven by cloud adoption, third-party relationships and machine identities
- 94% said identity investments are part of strategic initiatives including cloud adoption (62%), Zero Trust implementation (51%) and digital transformation initiatives (42%)
- 64% of respondents say managing and securing identity is one of the top three priorities of their security program
Identity-related attacks rising and impactful, but preventable
- 84% of respondents said they experienced an identity-related breach in the past year
- 78% cited direct business impacts as a result of the breach including recovery costs and reputational damage
- 96% reported that they could have prevented or minimized the breach by implementing identity-focused security outcomes
Investments in security outcomes still a work in progress, focus on basics lacking
- 97% reported that they are planning to invest in identity-focused security outcomes
- 51% typically remove access for a former employee within a day, but only 26% always do
- 43% believe that implementing multifactor authentication (MFA) would have made a difference in preventing breaches
Risky behavior reduced when executives put focus on identity security
- 60% of IT/Security stakeholders admit to risky security behaviors
- More than 70% report that top executives speak publicly to employees about credential security
- 72% of respondents are more careful with their work passwords than personal passwords when executives discuss passwords
Identity Defined Security Alliance Resources
The Identity Defined Security Framework, collaboratively developed by leading vendors, solution providers and practitioners, provides vendor-neutral best practices and security outcomes for improving the security of digital identities. According to the report, 96% of organizations believe that the IDSA’s Identity Defined Security Outcomes may have prevented or minimized the impact of the breaches they suffered. Included with each Identity Defined Security Outcome are vendor-neutral implementation approaches, which are well-defined patterns that combine identity and security capabilities. To view the full library of outcomes, visit https://www.idsalliance.org/ids-101-outcomes-approaches/.
To download the full report, visit https://www.idsalliance.org/2022-trends-in-securing-digital-identities/.
Identiverse 2022
Join panelists from Target, Optum, SecZetta, Dimensional Research and the IDSA as they discuss the 2022 Trends in Securing Digital Identities on Wednesday, June 22 from 4:15 – 5:00 PM MDT. To learn more about IDSA and the Identity Defined Security Framework, please visit booth #1708.
Survey Methodology
Dimensional Research conducted an independent online survey of IT security and identity professionals in the United States. A total of 504 qualified individuals completed the survey. All participants were directly responsible for IT security or IAM at a company with more than 1,000 employees. Each was very knowledgeable about both IT security and identities. Participants included a mix of company sizes, job levels, and industries.
About the Identity Defined Security Alliance
The IDSA is a group of identity and security vendors, solution providers, and practitioners that acts as an independent source of thought leadership, expertise, and practical guidance on identity-centric approaches to security for technology professionals. The IDSA is a nonprofit that facilitates community collaboration to help organizations reduce risk by providing education, best practices, and resources. For more information please visit www.idsalliance.org and to learn more about memberships, please visit https://www.idsalliance.org/about-us/membership/.
Follow the IDSA:
Join the Community: https://forum.www.idsalliance.org/
Twitter: www.twitter.com/idsalliance
LinkedIn: www.linkedin.com/company/identity-defined-security-alliance/