New Research Underscores the Importance of Identity Security and MFA

New Research Underscores the Importance of Identity Security and MFA

By Alex Passett

MSPToday Editor and writer extraordinaire Greg Tavarez has penned many informative articles on cybersecurity for businesses; particularly regarding passwords and multi-factor authentication (MFA) best practices. (And, unfortunately, how hackers and other bad actors attempt to circumvent securities to further their own malicious gains.) As Tavarez has pointed out, these are real, ongoing problems in need of quick-to-address solutions.

Oort, a provider of identity-centric enterprise security (i.e. via smart remediation actions and a full suite of reliable and comprehensive identity threat detection, response, and prevention tools) recently released the findings of its State of Identity Security Report, available in full here. A thorough analysis that references data from more than 500,000 identities, Oort’s research takes a close look at the challenges organizations face with regard to securing their identity attack surface. The most common Identity and Access Management (IAM) hygiene challenges leaving organizations at risk, in addition to the most commonly used techniques attackers take advantage of, are all detailed therein.

Though not limited to these alone, Oort’s important takeaways include:

  • 40.26% of accounts in an average enterprise are either using weak second factors, or none at all. This leaves them highly vulnerable to phishing, social engineering, etc.
  • Phishing-resistant second factors were only, unfortunately, used in 1.82% of all logins. This lack of strong MFA adoption implies that more account attacks and takeovers, issues with regulatory compliances, and more are on the horizon for those not securing appropriately.
  • 24.15% of accounts in an average enterprise are reportedly dormant, i.e. some of the lowest-hanging fruit for eager attackers. Oort emphasizes the cleanup of old accounts (and the double and triple checks necessary for admin accounts, in particular).
  • 79.87% of application accounts go unused every month, highlighting that users may have access to too many applications and sensitive data. Reining in the right permissions is key; unnecessary access can lead to excessive licensing and disturbances to data. Reducing user access and honing how visibility is granted can really help.

Overall, Oort’s research impresses how vital it is for enterprises to tighten visibility in order to decrease their attack surface, as well as the necessities of enforcing proper MFA and ensuring that IAM hygiene is not left poor, thus leaving accounts and more at risk.

“The vast majority of successful breaches in the past year were the result of account takeover, or ATO,” said Matt Caulfield, Oort’s founder and CEO. “The research illustrates just how easy enterprises are making it for attackers to target their identities and launch successful ATO attacks.”

“Organizations can easily decrease these risks,” Caulfield continued, “by prioritizing identity security, understanding their attack surface, tapping into IAM hygiene issue visibility, and setting up MFA compliance. You have to stay laser-focused in order to secure identities and stop account takeover.”




Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

Stellar Cyber and Trellix Bridge the Gap in Security Operations

By: Greg Tavarez    3/28/2024

Stellar Cyber announced the integration with Trellix Endpoint Security HX to allow customers to deploy more robust security solutions and improve thei…

Read More

CyberSaint Raises $21M in Series A Funding to Continue Securing its CyberStrong Customers

By: Alex Passett    3/27/2024

CyberSaint announced that it succeeded in a huge $21 million Series A funding round. This was led by Riverside Acceleration Capital (RAC) with other i…

Read More

US Education Receives Security Upgrade with Free Browser Protection Offered by Conceal, Carahsoft

By: Greg Tavarez    3/27/2024

Conceal and Carahsoft recently unveiled an initiative to fortify the cybersecurity infrastructure of U.S. educational institutions.

Read More

Cato's AI Takes Control of Security and Incident Response

By: Greg Tavarez    3/27/2024

With Cato's recently announced Network Stories for Cato XDR, advanced AI algorithms instantly identify outages in customer networks and conduct root c…

Read More

A GenAI Cybersecurity Collab: CrowdStrike and NVIDIA, to the Rescue

By: Alex Passett    3/26/2024

CrowdStrike struck a critical deal to strategically collaborate with NVIDIA, a titan in the world of accelerated computing capabilities, high-performi…

Read More