Identity security has emerged as a pressing concern following a series of significant breaches, with numerous high-profile organizations such as Microsoft, Okta, Cloudflare, and Snowflake experiencing security incidents. This situation has prompted stakeholders to reassess their approaches to identity security from both strategic and technological perspectives.
Traditionally, identity security has been primarily viewed in terms of access provisioning and de-provisioning for various applications and services. However, this narrowly focused viewpoint is increasingly seen as inadequate. The 2024 Permiso Security State of Identity Security Report reveals a troubling trend: while many organizations express confidence in their ability to identify security risks, nearly half (45%) of respondents voiced significant concern regarding whether their current tools can effectively detect and guard against identity-related attacks.
Conducted during the summer, the Permiso survey gathered insights from over 500 IT security and risk professionals who actively influence decision-making in these domains. Despite increased investments in cyber risk mitigation, their findings underscore a prevailing anxiety amid evolving identity threats. Of particular note, 93% of the participants affirmed their capability to inventory identities across all environments, yet 45% reported having experienced an identity security incident in the past year, mainly characterized by impersonation attacks.
An alarming nuance of the survey data indicates that even though 86% of organizations feel equipped to identify the riskiest identities—whether human or non-human—many still fall victim to identity breaches, predominantly through social engineering tactics. In incidents involving sensitive data breaches, 54% of those affected reported that threat actors targeted personally identifiable information (PII) and intellectual property (IP).
The findings also indicate a stark perception of risk amongst respondents: human identities are frequently viewed as the most vulnerable, with employees considered high-risk compared to non-human identities like API keys and service accounts. This realization calls into question the industry’s prevailing narratives surrounding the risks associated with non-human identities.
Furthermore, the report highlights a lack of clarity regarding identity security responsibilities within organizations operating in hybrid and multi-cloud environments. The IT department was predominantly identified (56%) as responsible for safeguarding identity security. This relegation of identity security tasks to IT may stem from historical conventions where such responsibilities were limited to access management, leaving security departments underrepresented in identity governance.
Budget allocation for security measures also follows a siloed approach, predominantly favoring SaaS and IaaS environments over a comprehensive strategy encompassing all operational landscapes. The data suggest that whilst organizations exhibit an awareness of the cyber threats surrounding them, there remains a critical gap in their ability to detect and respond effectively to identity-based threats. Many listed their primary concerns as credential compromise and account takeover.
To tackle these challenges, it is essential for all stakeholders—including vendors and security professionals—to collaborate on redefining identity security as a strategic business enabler rather than merely a technical hurdle. It is imperative to shift the focus towards an integrated security posture that encompasses the realities of both human and non-human identity threats.
Permiso Security is poised to address these challenges head-on by striving to make unified identity security applicable across all identities and environments. The complete findings of the 2024 report can provide further insights into these pressing issues, highlighting the urgent need for organizations to rethink their identity security strategies.
Business leaders concerned about their cybersecurity postures can delve deeper into the report at this link: https://hero.permiso.io/state-of-identity-security-survey-report-2024. For organizations seeking to enhance their identity security strategies, learning more about Permiso’s offerings is advised.
This fast-evolving landscape of identity security serves as a reminder of the continuous vigilance required to withstand the dynamic and sophisticated threats posed to organizations today.