In a recent poll* of 500 US identity and security professionals the non-profit Identity Defined Security Alliance (IDSA) found that 84% had an identity-related breach in the past year, with 78% experienced a direct business impact as a result of the breach. Key Points:
Identity growth continues, making identity a top security priority
- 98% Said the number of identities is increasing, primarily driven by cloud adoption, third party relationships, and machine identities.
- 64% Have identified identities as among the Top 3 priorities for their security program
Risky behavior reduced when executives put focus on identity security
- 71% Have executives who speak publicly to employees about password security
- 60% Of IT/Security Stakeholders admitted to risky security behaviors
Investments in security outcomes still a work in progress, focus on basics lacking
- 97% Will be investing in identity-focused security outcomes, the same as last year
- MFA Is a key focus area, particularly for privileged users and employees
It’s unsurprising that phishing once again rises to the top of identity-related attack, with 64% of respondents noting that protection measures are a top priority, and fully 59% sharing that they’ve experienced a significant phishing attack in the last year. It’s time to move past reliance on first-gen “gotcha” phishing training, which educates valuable employees by “naming and shaming” them on lapses and missteps. The fact is that people aren’t the organization’s weakest link – they are and must be treated as among its greatest assets. Other classes of cybersecurity tools have advanced to the point where they provide real-time interventional assistance and intelligence that actually boosts both effectiveness and morale. It’s time for employee awareness training to similarly advance.