State of Identity Security Research Reveals 40% of Accounts Use Weak or No Form of Multi-Factor Authentication to Protect Identities
Oort, provider of identity-centric enterprise security, revealed the findings of its State of Identity Security Report, a comprehensive analysis of data from more than 500,000 identities. In its mission to address the challenges organizations face in securing their identity attack surface, Oort’s research unveils the most common Identity and Access Management (IAM) hygiene challenges leaving organizations at risk, and the most commonly used techniques attackers are utilizing to take over accounts.
“The vast majority of successful breaches in the past year were the result of account takeover (ATO). This research illustrates just how easy enterprises are making it for attackers to target their identities and launch successful ATO attacks,” says Oort Founder and CEO, Matt Caulfield. “IAM and security teams simply don’t have the visibility and control they need to see these risks, leaving them blind to the most common threats they are likely to face this year – account takeover.”
Oort reports that 40.26% of accounts in an average enterprise are using either weak second factors or none at all, leaving them vulnerable to targeting with simple techniques like phishing and social engineering. Additionally, the report finds that phishing-resistant second factors were used in only 1.82% of all logins. The lack of strong MFA adoption has implications not only for potential account takeover attacks but also for regulatory compliance; the report cites several compliance frameworks that have requirements for MFA.
The report finds that the most commonly targeted accounts are either dormant or belong to executives and administrators. Dormant accounts are the lowest-hanging fruit for attackers, yet they represent 24.15% of all accounts for an average enterprise. Oort found an average of 501 monthly attacks against dormant accounts per company, emphasizing the importance of cleaning up dormant accounts and having oversight of suspicious behavior within them. The findings show that administrator accounts, which give attackers the highest degree of permissions, are targeted more than three times as often as the average account and often lacked, or were excluded from, MFA controls.
Oort’s research also revealed that 79.87% of application accounts go unused every month, highlighting that users have access to too many applications and sensitive data. Removing unnecessary access and the financial burden of excessive licenses are quick wins that organizations can achieve with proper visibility over their identities and their associated behavior. By reducing user access to excessive applications and the data contained within, organizations can fairly easily reduce costs and improve visibility over their identities and their associated behavior.
Oort’s research underscores how important it is for enterprises to gain visibility across all their identities in order to decrease their attack surface, enforce proper MFA adoption, and ensure poor IAM hygiene is not leaving them at risk. This includes regularly reviewing and updating user accounts, groups, and permissions, as well as implementing access controls and monitoring systems to detect and respond to any suspicious activity.
“Organizations can easily decrease the risk of account takeover by prioritizing identity security. Understanding their identity attack surface, having visibility into basic IAM hygiene issues and MFA compliance can go a long way in eliminating the easiest targets for attackers to succeed,” adds Caulfield regarding the opportunity organizations have to address these challenges and reduce their risk of breach. “Oort provides this greater visibility and control for security teams and we are laser focused on helping enterprises secure their identities and stop account takeover.”