Identity-related breaches on the rise, prevention still a work in progress

The number of workforce identities in the enterprise is growing dramatically, largely driven by DevOps, automation, and an increase in enterprise connected devices, which will only continue to accelerate identity growth, an IDSA survey of 502 IT security and identity decision makers reveals.

At the same time, compromised identities remain one of the leading causes of a data breach. According to the study, the vast majority of IT security and identity professionals have experienced an identity-related breach at their company within the past two years, with nearly all of them reporting that they believe these breaches were preventable.

“When approaching identity security, professionals must first consider a range of desired outcomes, or results they want to achieve, and then chart their paths accordingly,” said Julie Smith, executive director of the IDSA.

“According to security and identity professionals, these outcomes are still a work in progress, with less than half reporting that they have fully implemented any of the identity-related security outcomes that the IDSA has initially identified as critical to reducing the risk of a breach. In fact, the research shows a clear correlation between a focus on identity-centric security outcomes and lower breach levels.”

Identity-related breaches are ubiquitous

• 94% have had an identity-related breach at some point
• 79% have had an identity-related breach within the past two years
• 66% say phishing is the most common cause of identity-related breaches
• 99% believe their identity-related breaches were preventable

Identity security is a work in progress

• Most identity-related security outcomes are still in progress or planning stages
• Less than half have fully implemented key identity-related security outcomes
• 71% have made organizational changes to the ownership of identity management

Forward-thinking companies are showing results

• Forward-thinking companies are much more likely to have fully implemented key identity-related security outcomes
• Only 34% of companies with a “forward-thinking” security culture have had an identity-related breach in the past year — far fewer than the 59% of companies with a “reactive” security culture