New Research Underscores the Importance of Identity Security and MFA

New Research Underscores the Importance of Identity Security and MFA

By Alex Passett

MSPToday Editor and writer extraordinaire Greg Tavarez has penned many informative articles on cybersecurity for businesses; particularly regarding passwords and multi-factor authentication (MFA) best practices. (And, unfortunately, how hackers and other bad actors attempt to circumvent securities to further their own malicious gains.) As Tavarez has pointed out, these are real, ongoing problems in need of quick-to-address solutions.

Oort, a provider of identity-centric enterprise security (i.e. via smart remediation actions and a full suite of reliable and comprehensive identity threat detection, response, and prevention tools) recently released the findings of its State of Identity Security Report, available in full here. A thorough analysis that references data from more than 500,000 identities, Oort’s research takes a close look at the challenges organizations face with regard to securing their identity attack surface. The most common Identity and Access Management (IAM) hygiene challenges leaving organizations at risk, in addition to the most commonly used techniques attackers take advantage of, are all detailed therein.

Though not limited to these alone, Oort’s important takeaways include:

  • 40.26% of accounts in an average enterprise are either using weak second factors, or none at all. This leaves them highly vulnerable to phishing, social engineering, etc.
  • Phishing-resistant second factors were only, unfortunately, used in 1.82% of all logins. This lack of strong MFA adoption implies that more account attacks and takeovers, issues with regulatory compliances, and more are on the horizon for those not securing appropriately.
  • 24.15% of accounts in an average enterprise are reportedly dormant, i.e. some of the lowest-hanging fruit for eager attackers. Oort emphasizes the cleanup of old accounts (and the double and triple checks necessary for admin accounts, in particular).
  • 79.87% of application accounts go unused every month, highlighting that users may have access to too many applications and sensitive data. Reining in the right permissions is key; unnecessary access can lead to excessive licensing and disturbances to data. Reducing user access and honing how visibility is granted can really help.

Overall, Oort’s research impresses how vital it is for enterprises to tighten visibility in order to decrease their attack surface, as well as the necessities of enforcing proper MFA and ensuring that IAM hygiene is not left poor, thus leaving accounts and more at risk.

“The vast majority of successful breaches in the past year were the result of account takeover, or ATO,” said Matt Caulfield, Oort’s founder and CEO. “The research illustrates just how easy enterprises are making it for attackers to target their identities and launch successful ATO attacks.”

“Organizations can easily decrease these risks,” Caulfield continued, “by prioritizing identity security, understanding their attack surface, tapping into IAM hygiene issue visibility, and setting up MFA compliance. You have to stay laser-focused in order to secure identities and stop account takeover.”




Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE
Related Articles

LogMeIn Rescue, to the Rescue: Forrester Studies GoTo's Support Capabilities

By: Alex Passett    9/22/2023

Over a period of three years, a Forrester Total Economic Impact (TEI) study examined the business and financial benefits of LogMeIn Rescue, a flagship…

Read More

Canadian Managed IT Services Gear Up for Cybersecurity Awareness Month

By: Contributing Writer    9/22/2023

October, prominently known as Cybersecurity Awareness Month, is an annual observance and an intensified rally for Canada's premier IT service provider…

Read More

ITEXPO Exhibitor RingLogix Looks to TeamMate to Open New Possibilities for MSPs

By: Greg Tavarez    9/21/2023

The RingLogix and TeamMate collaboration enables MSPs to get the most out of Microsoft Teams as a collaboration solution.

Read More

Acronis Introduces Advanced Automation for MSPs

By: Stefania Viscusi    9/21/2023

Acronis Advanced Automation addresses a common challenge faced by MSPs, the increasing complexities businesses face with so many different initiatives…

Read More

Comprehensive Cybersecurity Solutions: Rackspace Taps Palo Alto Networks

By: Alex Passett    9/20/2023

Strengthening organizations' abilities to stay ahead of progressively evolving cyber threats and attackers is key. That's why Rackspace Technology has…

Read More