Virtualization Technology News and Information
RSA ID IQ Report Reveals What You Don't Know Will Breach You
RSA released its inaugural ID IQ Report today. Using results from the RSA ID IQ Quiz, the report assesses and baselines users' identity security knowledge, capabilities, and perceptions regarding the role of AI in cybersecurity. Results from the 2023 RSA ID IQ Report reveal that:
  • The gap in users' identity security knowledge gives cybercriminals an opening
  • Respondents trust technological innovations for their security and privacy
  • Unmanaged mobile devices are prime targets for identity compromise
  • Fragmented identity solutions are driving up costs and slowing down productivity

See the following for further analysis:

Identity security knowledge gaps give cybercriminals an opening

The RSA ID IQ Report found significant gaps in respondents' knowledge concerning key identity vulnerabilities, best practices for securing identity, and how to develop stronger identity security. For instance, 63% of respondents could not accurately identify the identity components needed to move organizations toward zero trust. Likewise, 64% of respondents did not select the best practice technologies for reducing phishing. More than half (55%) did not understand the full scope of identity capabilities that can improve an organization's security posture.

These findings align with third-party research indicating that identity is the most frequent cause of data breaches: the Verizon 2023 Data Breach Investigations Report found that the use of "stolen credentials became the most popular entry point for breaches" over the past five years.

"The RSA ID IQ Report reveals why identity is one of the most susceptible ways for cybercriminals to breach an organization-users simply don't understand identity's full cybersecurity role, the risks that identity poses, or the ways to use identity to build safer organizations," said RSA CEO Rohit Ghai. "The gaps in users' identity knowledge give cybercriminals openings to exploit."

Among self-described IAM experts, 65% did not accurately select best practices to reduce phishing and 42% underestimated the frequency with which users recycle their passwords.

"Growing numbers of users, devices, entitlements, and environments are overburdening IAM specialists-they just can't keep up," said RSA Chief Product Officer Jim Taylor. "Identity plays critical roles across organizations, and for organizations to stay secure and compliant, identity needs to excel in each of those roles. The RSA ID IQ Report results reveal why organizations need to invest in unified identity solutions and integrate artificial intelligence to help their personnel keep up with the pace of change."

Respondents trust technology with their security and privacy

Nearly two-thirds (64%) of respondents put more trust in technical innovations like a computer or password manager with securing their information than their partner, closest friend, or financial advisor.

Respondents felt even stronger about artificial intelligence's potential to improve identity security: 91% of respondents believed that AI can detect suspicious authorizations and access attempts, identify irregularities in entitlements, and recognize vulnerabilities on mobile devices.

Unmanaged devices are prime targets for identity compromise

Unmanaged devices have become prime targets for identity compromise: nearly three-quarters of all respondents (72%) believed that people frequently use personal devices to access professional resources. Nearly all (97%) cybersecurity experts felt that users opened more emails on their phones than on desktops, had more difficulty scrutinizing those emails on mobile devices, used personal devices to access professional resources, and/or that unmanaged devices don't have the same security capabilities as managed devices.

Each of those factors could catalyze identity compromise-together, they represent a perfect storm of risks. These responses align with Zimperium's 2023 Global Mobile Threat Report, which found that the average user is 6-10 times more likely to fall for an SMS phishing attack than an email-based attachment.

Fragmented identity solutions drive up costs, slow down productivity

Nearly three-quarters of all respondents either didn't know or significantly under-valued the cost of a password reset, including nearly half of all self-described IAM experts. With each password reset costing upwards of $70, resets can account for nearly half of all IT help desk costs. The fact that 73% of respondents can't accurately price this expense or understand its impact on their IT counterparts could lead to run-away costs, underscoring the value of using one identity solution for both authentication and access.

The report also revealed how inadequate identity governance and administration hurts organizational productivity. Nearly one-third (30%) of all respondents reported that they were prevented from accessing the systems needed to do their work at least once a week.

Published Thursday, July 27, 2023 8:55 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<July 2023>