New Research Underscores the Importance of Identity Security and MFA

New Research Underscores the Importance of Identity Security and MFA

By Alex Passett

MSPToday Editor and writer extraordinaire Greg Tavarez has penned many informative articles on cybersecurity for businesses; particularly regarding passwords and multi-factor authentication (MFA) best practices. (And, unfortunately, how hackers and other bad actors attempt to circumvent securities to further their own malicious gains.) As Tavarez has pointed out, these are real, ongoing problems in need of quick-to-address solutions.

Oort, a provider of identity-centric enterprise security (i.e. via smart remediation actions and a full suite of reliable and comprehensive identity threat detection, response, and prevention tools) recently released the findings of its State of Identity Security Report, available in full here. A thorough analysis that references data from more than 500,000 identities, Oort’s research takes a close look at the challenges organizations face with regard to securing their identity attack surface. The most common Identity and Access Management (IAM) hygiene challenges leaving organizations at risk, in addition to the most commonly used techniques attackers take advantage of, are all detailed therein.

Though not limited to these alone, Oort’s important takeaways include:

  • 40.26% of accounts in an average enterprise are either using weak second factors, or none at all. This leaves them highly vulnerable to phishing, social engineering, etc.
  • Phishing-resistant second factors were only, unfortunately, used in 1.82% of all logins. This lack of strong MFA adoption implies that more account attacks and takeovers, issues with regulatory compliances, and more are on the horizon for those not securing appropriately.
  • 24.15% of accounts in an average enterprise are reportedly dormant, i.e. some of the lowest-hanging fruit for eager attackers. Oort emphasizes the cleanup of old accounts (and the double and triple checks necessary for admin accounts, in particular).
  • 79.87% of application accounts go unused every month, highlighting that users may have access to too many applications and sensitive data. Reining in the right permissions is key; unnecessary access can lead to excessive licensing and disturbances to data. Reducing user access and honing how visibility is granted can really help.

Overall, Oort’s research impresses how vital it is for enterprises to tighten visibility in order to decrease their attack surface, as well as the necessities of enforcing proper MFA and ensuring that IAM hygiene is not left poor, thus leaving accounts and more at risk.

“The vast majority of successful breaches in the past year were the result of account takeover, or ATO,” said Matt Caulfield, Oort’s founder and CEO. “The research illustrates just how easy enterprises are making it for attackers to target their identities and launch successful ATO attacks.”

“Organizations can easily decrease these risks,” Caulfield continued, “by prioritizing identity security, understanding their attack surface, tapping into IAM hygiene issue visibility, and setting up MFA compliance. You have to stay laser-focused in order to secure identities and stop account takeover.”

Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Related Articles

Expereo Chosen to Drive Global Connectivity for Carlsberg Group

By: Stefania Viscusi    12/7/2023

Brewery conglomerate Carlsberg Group has chosen intelligent internet company Expereo to help with its digital transformation.

Read More

CrowdStrike Brings AI-Driven Cybersecurity to Amazon Business

By: Stefania Viscusi    12/7/2023

CrowdStrike announced that it has officially launched its AI-powered cybersecurity solution, CrowdStrike Falcon Go, on Amazon Business.

Read More

Sotera SecurePhone, Powered by MetTel, Introduces Ultra-Secure Communication in Government and Enterprise Domains

By: Greg Tavarez    12/7/2023

The Sotera SecurePhone joins a growing, robust line-up of security offerings from MetTel that include a range of network and endpoint-based solutions.

Read More

CyberArk Introduces Enhanced Passkeys Authentication

By: Stefania Viscusi    12/6/2023

Identity security company CyberArk has announced a significant step in enhancing the passwordless authentication experience by introducing new passkey…

Read More

Telstra International's Global Managed Security Solutions Powered Up through Netskope Partnership

By: Greg Tavarez    12/6/2023

The expanded partnership between Telstra International and Netskope lets Telstra provide organizations worldwide with a comprehensive managed solution…

Read More