IDSA survey shows digital identity security investment in next 2 years nearly universal
Four out of five companies have increased their focus on identity security after shifting to remote work during the pandemic, according to the Identity Defined Security Alliance (IDSA), providing a major opportunity for biometric authentication and IAM providers.
Among the 500 IT decision-makers surveyed, confidence in the security of employee identities declined from 49 percent to 32 percent in the past year. Accordingly, 97 percent say they will invest in identity-related security outcomes in the next two years.
The ‘2021 Trends in Securing Digital Identities’ report found that the number of organizations experiencing breaches related to digital identity within the past two years remained steady, at 79 percent. Nearly two-thirds (64 percent) have made changes to align security and identity functions in the past two years.
Many more CISOs have a leadership role in their organization’s IAM than in 2019, 87 percent compared to 53 percent.
The IDSA wants the report to provide chief information security officers (CISOs) guidance on how to increase the role of identity within their security strategies.
“The past year forced organizations to recognize the importance of securing digital identities, whether maintaining employee productivity through secure access from anywhere, using any device, or transforming engagement with customers to secure online services,” says Julie Smith, executive director of the IDSA. “If it hasn’t already happened, CISOs should seize this opportunity to elevate the importance of identity, not just in security strategies, but as an opportunity to provide business value through risk reduction, including Zero Trust initiatives, cost containment, increased productivity, and to improve both employee and customer experiences.”
Auth0 urges MFA use to defeat credential-stuffing
Credential-stuffing made up 16.5 percent of the traffic from attempted logins on Auth0’s platform in the first 90 days of calendar 2021, according to a new report, peaking at over 40 percent near the end of the reporting period.
‘The State of Secure Identity’ is referred to by Auth0 in the announcement as the inaugural edition. It shows bots make up roughly 15 percent of new accounts registration attempts, with significant variance between different industry verticals. More than 26,600 passwords were breached per day, on average.
One of the main recommendations in the report is to encourage the use of multi-factor authentication methods that avoid undue friction, including step-up authentication, adaptive MFA and WebAuthn-enabled biometrics.
“Securing customers’ identities is made more difficult by industry-wide failures to protect data. The prevalence of breached passwords and the availability of automated attack tools makes the humble password a protective measure from the past,” Duncan Godfrey, VP of Security Engineering for Auth0 says. “The State of Secure Identity Report is designed to share our unique identity security insights and recommendations with the industry so that application builders and developers at any organization can take the steps they need to improve their overall security posture, and make things more secure for end users.”
Auth0 was acquired by Okta in an all-stock transaction that closed recently.