HYPR Team
3 Min. Read | January 18, 2024
Identity forms the foundation of the modern workplace. Nearly every task depends on the ability to securely access systems using valid digital credentials linked to verified employees. Identity and access management (IAM) must constantly balance between security on one hand, and convenience and productivity on the other.
The increasing interconnectedness and decentralization of systems, together with the surge in digital identities, are placing tremendous strain on these IAM processes, and attackers have been quick to take advantage. The past year saw regular reports of identity-related breaches, with increasingly severe consequences. Take the 2023 hack of MGM Resorts — their systems were down for ten days after hackers impersonated an employee and tricked service desk personnel into granting them access.
In order to better understand what we can expect in 2024, the research team at Vanson Bourne surveyed IAM security leaders across the United States about the current workforce identity security practices and pain points in their organization.
Identity Security Trends: Key Findings
Identity Challenges Abound
Our research shows that all organizations still struggle when it comes to securing their workers’ identities. The top pain point, cited by 40%, is employee identity proofing/verification. Many organizations use a series of manual processes that are disconnected from their primary identity systems. Authentication comes in at a close second challenge, with 37% admitting that their authentication processes are vulnerable to phishing and credential attacks. Other top challenges include implementing continuous risk assessment and reducing authentication application sprawl, both named by 35% of organizations.
Organizations Contend With Frequent Identity Risks
The findings show that employees engage in risky activities on a regular basis. Around seven in ten organizations (71%) report detecting risky user behavior or unexpected changes in the risk environment multiple times each week; nearly a quarter experience daily risks.
Moreover, In all likelihood, these risk figures skew much higher. Organizations admit their visibility into identity risks remains incomplete. On average, they monitor fewer than half (49%) of their employees’ identities on a daily basis for risk or indications of compromise. This potentially leaves a large swath taking risky actions that go undetected.
Employee Identity Fraud: Organizations Find It Difficult To Verify Employees in Real Time
More than ⅔ of organizations spend over two hours performing identity verification checks when an employee needs to replace a device, when a risk is flagged by security systems or when employees change roles. In some cases the average time spent is much higher. For example it takes an average of 8.52 hours to verify identity when an employee changes roles.
Identity Fraud Is Rampant and Costly
The widespread reliance on insecure identity security solutions is leaving the door wide open to security threats, with undeniable consequences. Identity fraud is so prolific among organizations that over three quarters (77%) report falling victim multiple times within the last 12 months.
Organizations are feeling the impact in their balance sheets. On average, identity fraud cost organizations an average of $4.33 million in the last 12 months.
More Findings and Recommendations on Identity Security
You can read the full research report here, including an exploration of emerging defense trends.
