Virtualization Technology News and Information
Article
Search:
RSS
Follow VMblog.com:
Improve end user experience in VDI, DaaS and physical endpoint environments
Cybersecurity Crisis: Organizations Race to Reinforce Identity Security in Wake of Attack Epidemic

With the ongoing challenges organizations face in securing identities, evidence shows many are relying on AI to thwart adversaries yet it's leading to flawed defenses. According to the recently released 2024 State of Passwordless Identity Assurance Report, by HYPR, the Identity Assurance Company, 75% of respondents expect AI to combat cybercriminals. However, 60% also consider AI-powered threats as their biggest identity security concern. There is a resounding call for identity-first security strategies, prioritizing passwordless adoption and frictionless identity verification, as key defenses.

The fourth annual edition also unveils the persistent trend of credential misuse and authentication weaknesses as primary drivers of breaches, costing victim organizations an average of $5.48 million over the past year.

Conducted by HYPR and Vanson Bourne, the report derives insights from 750 IT security decision makers, representing a cross-section of industries in the UK, France, and Germany, Asia-Pacific and Japan, and the United States. The findings arrive during a critical turning point, as organizations scramble to bolster defenses amidst a relentless wave of credential-based attacks. In fact, nine out of ten (91%) claim credential misuse or authentication weakness as the cause behind a breach - up from 82% in 2022. Yet, despite these alarming figures, 99% of respondents remain tethered to legacy, vulnerability-rife authentication methods.

"The gap between evolving threats and outdated identity models undermines global security and business growth. While teams scramble to outpace the rate of credential-based attacks, the solution lies in a fundamental shift towards deterministic identity controls - that is phishing-resistant authentication, continuous verification, and risk detection and mitigation," said Bojan Simic, CEO and Co-founder of HYPR. "A holistic framework built on these principles not only closes legacy loopholes exploited by attackers, but also streamlines processes, boosts operational efficiency and ensures compliance."

Credential-based attacks continue to surge, exposing the limits of current prevention strategies

The trend of credential attacks shows no signs of slowing, with high-profile breaches within the healthcare, financial and telco industries, already casting a long shadow over 2024. Data reveals that in 2023, 78% of organizations suffered an identity-related cyberattack. The drivers:

  • Almost four in ten (39%) experienced phishing attacks; identity impersonation struck 28% of organizations, while push notification exploits were the fifth most common vector at 26%.
  • More than two-thirds (69%) were breached via authentication processes, unsurprising considering most employees use four different types of authentication methods.
  • 78% experienced identity fraud, with over half falling victim multiple times, each incident costing an average of $2.78 million.

Passwordless gains traction with signs of progress in identity security despite paradox

It is evident that organizations are hindering their own identity-first security initiatives by misplacing priorities. For example, only 67% deployed new identity tools or changed their authentication methods following a breach, while 33% neglected to act. Contradictorily, 89% believe that passwordless provides the highest level of security, yet over half (53%) cling to vulnerable username/ password methods. To add to the complexity, organizations are grappling with the paradoxical nature of AI with three quarters viewing it as essential armor against cyberattacks, while six in ten recognize it as a powerful new weapon for adversaries. On a positive note:

  • Four in ten (41%) intend to adopt or continue to use passwordless authentication over the next 1-3 years.
  • 97% of those who plan to use passwordless, will incorporate passkeys.
  • Identity verification is emerging as a priority with 43% of respondents planning to incorporate the technology.
  • Close to half (49%) are likely to expand employee training programs with the goal to reduce human-led authentication errors.

"HYPR's research shows that identity assurance isn't just about security, it's a foundational pillar for building a resilient and adaptable future. Organizations that prioritize it gain a strategic advantage by fostering seamless and secure experiences. This not only boosts productivity but, more importantly, cultivates trust with key stakeholders," said Anthony Belfiore, Chief Security Officer at Wiz. "In today's rapidly evolving digital landscape, robust identity security isn't just about survival; it's the catalytic force that empowers businesses to thrive in an uncertain and ever-changing environment."

Published Friday, May 24, 2024 10:31 AM by David Marshall
Filed under:
Get This Featured White Paper: Leveraging the Combined Power of Liquit and Microsoft Intune
You may also be interested in this white paper: Analyzing VMware Horizon Logons
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Customer Connect
Global Digital
DTX
DTW-NA
innovatrix
GISEC
global-digital-cx
vExpert
Calendar
<May 2024>
SuMoTuWeThFrSa
2829301234
567891011
12131415161718
19202122232425
2627282930311
2345678