IN Groupe outlines workforce identity risks as credential attacks rise

The arrival of digital onboarding, distributed teams and hybrid work has ushered in a new security priority for companies – workforce identity. Credential compromise is the root cause of many cyberattacks, underscoring the importance of comprehensive identity lifecycle management in ensuring cybersecurity, according to a new trend analysis from identity and security firm IN Groupe.
The Securing Workforce Identities in 2026 report explores trends and threats in processes such as remote identity verification, issuing trusted employee identities (Know Your Employee, KYE), and using those identities across the enterprise. The report also offers recommendations for boosting security.
For remote identity verification, the French company argues for aligning onboarding workflows with evolving regulatory frameworks and designing digital onboarding processes to meet eIDAS 2.0, GDPR, and AML directives. Organizations should also leverage ICAO-compliant identity documents, such as ePassports and national eIDs, for global hiring.
When it comes to issuing employee identities, the report recommends deploying passwordless authentication using FIDO2, PKI, and mobile ID technologies and implementing robust identity and access management (IAM) with multi-factor authentication (MFA).
Another task for enterprises is to introduce mobile identities as a complement to physical smartcards, enabling flexible credential use across devices and environments. Companies should also start transitioning to Post-Quantum Cryptography (PQC) to ensure long-term resilience.
Trusted identities should be consistently applied across the entire enterprise ecosystem, the report notes. This means organizations should continuously verify identities, enforce least-privilege access and segment resources to reduce lateral movement, which are key steps toward Zero Trust.
Identity should be centralized using a federated framework that spans cloud and on-premises environments, while single sign-on (SSO) can be implemented to streamline user access across applications, IN Groupe adds.
Disconnected apps bring underestimated risks: Cerby
A separate report shows why the last point of IN Groupe’s recommendation list is so important.
Business applications that are not fully integrated with an organization’s identity systems bring critical gaps in identity coverage, with 77 percent of organizations experiencing at least one cybersecurity incident, according to identity automation company Cerby and the Ponemon Institute, a research organization focused on data use.
The analysis showed that, on average, nearly a third of enterprise applications are not covered by centralized identity systems, an underestimated risk. A typical enterprise uses 284 applications on average, of which 80 are so-called disconnected apps.
Driving the rise in disconnected apps are AI and GenAI applications, which have seen a large uptake: 87 percent of respondents say their organization has adopted one of these apps. Another significant contributor is social media platforms such as X, Meta, LinkedIn, and Instagram, which account for 34 percent of cybersecurity incidents.
“Disconnected applications are increasing in number and importance, but they remain outside the reach of core identity controls,” says Matt Chiodi, chief strategy officer at Cerby. “This growth without governance is driving real-world incidents, audit failures and a widening gap between perceived and actual security.”
The report, titled The Hidden Cybersecurity Threat: Disconnected Apps, is based on a survey of 614 IT and security leaders. Cerby plans to discuss the findings during a webinar on May 6th.