DENVER — A new survey-based report suggests that nearly every organization is strategically pursuing investment in identity management technology, with a 64% majority claiming identity initiatives are a top-three priorities for their security programs. But there is much more work to be done, considering that 84% of respondents said their company experienced a breach over the past year due to a digital identity compromise — an increase from 79% last year.
Released this Wednesday during the Identiverse Conference in Denver, the "2022 Trends in Securing Digital Identities" report is the brainchild of the non-profit Identity Defined Security Alliance (ISDA). To inform the report, researchers at Dimensional Research polled 504 security and identity professionals at companies with more than 1,000 employees.
When asked what action could have been the difference-maker that prevented a breach they experienced, respondents most commonly cited the implementation of multi-factor authentication (43%). And yet, only 45% of survey-takers said that their companies had fully implemented MFA for their employees, while another 36% said it was a work in progress.
The next most frequently cited difference-makers were timely reviews of privileged access (41%) and continuous discovery of all user access rights (34%).
One area where the professionals indicated their organizations may be falling short is employee training. According to the IDSA, 94% of respondents said they offer training on password security, yet only 30% called the training "very effective," while 62% said it only helped a little bit.
"It's more important now than ever to make sure that you're protecting your identities and the identities that are being used to access your assets and data within your organizations," said Julie Smith, executive director of the IDSA, in an interview at Identiverse.
When asked which report finding was most surprising, Smith told SC Media that roughly 60% of security professionals admitted that they at times have engaged in risky practices that could have endangered their own passwords and digital identities.
For more on Smith's analysis of the IDSA report's results, watch the embedded video.