Page 112 - Cyber Defense eMagazine July 2024
P. 112

While  MFA,  one-time  verification  codes,  and  hardware  tokens  are  effective,  people  often  suffer  from
            authentication  fatigue.  Companies  may  be  hesitant  to  turn  on  MFA  to  avoid  increasing  friction  for
            employees  and  consumers.  We  need  to  focus  on  improving  the  interoperability  and  portability  of
            identities, which can reduce the scope of the problem to a manageable size.


            One major challenge in identity management  is identity sprawl. Of the organizations  we surveyed, 93%
            are  actively  taking  steps  to  manage  identity  sprawl.  The  proliferation  of  cloud  SaaS  services  has
            increased  productivity,  and  it also  creates  a  new  identity  or  account  with  each  service.  This  forces  a
            choice between  managing  each of them uniquely  or lowering your security  profile and managing  all of
            them in the same way. The explosion of identities costs more than we realize. Only 15% of organizations
            track specific metrics  of cost per identity  by customer  or employee type and need.  Unchecked  identity
            sprawl leads to higher costs and greater security exposure.


            This  year an  astonishing  84%  of identity  stakeholders  said  identity-related  incidents  directly  impacted
            their  business.  The  primary  cost  was  a  distraction  from  their  core  business  to  address  the  incidents.
            Nearly the same percentage indicated that costs to recover from an incident had a significant impact.

            While we’re in the middle of the sandwich,  let’s focus on the main ingredient:  phishing-related  attacks.
            These attacks account for nearly double the impact of any other incident type. We all have moments of
            distraction when we click on a link without thinking, and that’s when these attacks happen.

            Let’s add some dressing to this sandwich and top it with the other slice of goodness. In the recent survey,
            73% of respondents indicated that effectively managing and securing digital identities is among their top
            three priorities. This shows we’re moving in the right direction.

            An impressive  97% of respondents  have an incident  response plan and most have had to use it more
            than once in the past year. While 3% is small, it’s still too many. Having a plan is crucial because although
            you can’t stop every attack, you can be prepared to respond effectively.

            I'll leave you with two key facts. First, 93% of identity stakeholders said that security outcomes could have
            reduced the business impact of incidents. Even more encouraging, 99% of businesses reported they are
            planning to further invest in security outcomes over the next 12 months.

            We are  making  good  progress  in protecting  our  identities.  Despite  challenges  like identity  sprawl  and
            increasing attacks, it may feel like we are losing ground, we just need to run a little faster to stay ahead
            of the curve.

















            Cyber Defense eMagazine – July 2024 Edition                                                                                                                                                                                                          112
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   107   108   109   110   111   112   113   114   115   116   117