"Identity-Related Breaches Hit 84% of US Firms in 2021"

According to new research conducted by the non-profit Identity Defined Security Alliance (IDSA), the number of security breaches stemming from stolen or compromised identities has reached epidemic proportions.  The IDSA polled 500 US identity and security professionals to compile its 2022 Trends in Securing Digital Identities report.  The researchers found that 84% of participants had experienced an identity-related breach in the past year, with the vast majority (78%) claiming it had a direct business impact.  The researchers stated that part of the problem is the high volumes of identities created daily in the corporate world.  Almost all respondents (98%) reported that the number of identities is increasing, primarily driven by cloud adoption, third-party relationships, and machine identities, including bots and IoT devices.  The researchers noted that poor security practice is often to blame for incidents.  According to the researchers, although half (51%) of respondents said they typically remove access for a former employee within a day, only 26% always do.  The researchers stated that employees are often the weakest link in the security chain, even those that should know better.  Some 60% of IT/security respondents claimed they engage in risky security behavior.  The researchers stated that, fortunately, organizations seem to be getting the message.  Nearly all respondents (97%) claimed they’re planning to invest in “identity-focused security outcomes,” and 94% said identity investments are part of strategic initiatives, including cloud adoption (62%), Zero Trust implementation (51%), and digital transformation initiatives (42%).

Infosecurity reports: "Identity-Related Breaches Hit 84% of US Firms in 2021"