Identity, Breach

Identity management a top strategy priority, but MFA implementations are lagging (WATCH)

DENVER — A new survey-based report suggests that nearly every organization is strategically pursuing investment in identity management technology, with a 64% majority claiming identity initiatives are a top-three priorities for their security programs. But there is much more work to be done, considering that 84% of respondents said their company experienced a breach over the past year due to a digital identity compromise — an increase from 79% last year.

Released this Wednesday during the Identiverse Conference in Denver, the "2022 Trends in Securing Digital Identities" report is the brainchild of the non-profit Identity Defined Security Alliance (ISDA). To inform the report, researchers at Dimensional Research polled 504 security and identity professionals at companies with more than 1,000 employees.

When asked what action could have been the difference-maker that prevented a breach they experienced, respondents most commonly cited the implementation of multi-factor authentication (43%). And yet, only 45% of survey-takers said that their companies had fully implemented MFA for their employees, while another 36% said it was a work in progress.

The next most frequently cited difference-makers were timely reviews of privileged access (41%) and continuous discovery of all user access rights (34%).

Click here for more SC Media coverage from the Identiverse Conference.

One area where the professionals indicated their organizations may be falling short is employee training. According to the IDSA, 94% of respondents said they offer training on password security, yet only 30% called the training "very effective," while 62% said it only helped a little bit.

"It's more important now than ever to make sure that you're protecting your identities and the identities that are being used to access your assets and data within your organizations," said Julie Smith, executive director of the IDSA, in an interview at Identiverse.

When asked which report finding was most surprising, Smith told SC Media that roughly 60% of security professionals admitted that they at times have engaged in risky practices that could have endangered their own passwords and digital identities.

For more on Smith's analysis of the IDSA report's results, watch the embedded video.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related

Senate OKs Section 702 reauthorization bill

Approval has been given by the Senate to legislation that would extend Section 702 of the Foreign Intelligence Surveillance Act for another two years, which headed to the desk of President Joe Biden just minutes after the surveillance law expired, reports CyberScoop.

More data broker regulation needed in draft privacy bill

More protections against data brokers were urged by lawmakers and data privacy experts to be added to the draft American Privacy Rights Act, which would only allow the deletion of consumer data provided that individual requests are made to the data brokers, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.