IDSA: Number of identities in the enterprise soared with remote work

The pandemic shift to remote work has put a spotlight on the importance of securing digital identities and should provide an opportunity for CISOs to elevate the role of identity in their security strategies. With more employees working remotely, 80% of organizations increased their focus on identity security, the non-profit Identity Defined Security Alliance said in a recent study.

Above: The majority of organizations made changes over the past year to better align security and identity functions.

Image Credit: Identity Defined Security Alliance

Over the last year, there has been an increase in the number of identities and an increased focus on identity security, but a decrease in confidence in the ability to secure employee identities, IDSA found in an online survey of over 500 IT decision makers directly responsible for IT security or Identity and Access Management (IAM) in enterprises with more than 1,000 employees. The full report examines the impact that the pandemic and increase in remote work had on IAM in the enterprise, as well as the implementation of identity-focused security strategies.

Four out of five participants believe that while identity management used to just be about access, it’s now mostly about security. The majority of organizations (64%) made changes to better align security and identity functions. One of the largest changes, and perhaps most impactful, is the fact that the CISO increasingly plays a leadership role when it comes to IAM. In the 2021 report, 87% of organizations named the CISO as the leader, which is a a dramatic boost to the 53% that said the same in 2019.

Even though organizations had to deal with additional security challenges associated with more identities, exponential remote access, and more personal devices, the number of identity-related breaches did not increase. The number of organizations which experienced an identity-related breach within the past two years stayed the same at 79%.

The leading cause of identity-related breaches also remained the more or less the same, with phishing (68% this year vs 66% last year) as the primary attack method for stealing legitimate credentials. Privilege abuse remained a distant second (28% this year vs 29% last year).

With a legitimate set of credentials, whether acquired through phishing or other methods, cyber criminals were able to execute attacks. According to 78% of organizations, these breaches had direct business impacts ranging from downtime to stolen data to financial repercussions.

Increased attention also appears to be correlating with increased investment, as nearly all organizations (97%) said they planned to invest in the IDSA’s recommended identity-related security outcomes in the next two years. An identity-related security outcome is associated with improved organization’s security posture and reduced risk of an identity-related breach or failed audit. IDSA offers a full library of outcomes along with vendor-neutral implementation approaches.

Read the full IDSA study.