New Research Underscores the Importance of Identity Security and MFA

New Research Underscores the Importance of Identity Security and MFA

By Alex Passett

MSPToday Editor and writer extraordinaire Greg Tavarez has penned many informative articles on cybersecurity for businesses; particularly regarding passwords and multi-factor authentication (MFA) best practices. (And, unfortunately, how hackers and other bad actors attempt to circumvent securities to further their own malicious gains.) As Tavarez has pointed out, these are real, ongoing problems in need of quick-to-address solutions.

Oort, a provider of identity-centric enterprise security (i.e. via smart remediation actions and a full suite of reliable and comprehensive identity threat detection, response, and prevention tools) recently released the findings of its State of Identity Security Report, available in full here. A thorough analysis that references data from more than 500,000 identities, Oort’s research takes a close look at the challenges organizations face with regard to securing their identity attack surface. The most common Identity and Access Management (IAM) hygiene challenges leaving organizations at risk, in addition to the most commonly used techniques attackers take advantage of, are all detailed therein.

Though not limited to these alone, Oort’s important takeaways include:

  • 40.26% of accounts in an average enterprise are either using weak second factors, or none at all. This leaves them highly vulnerable to phishing, social engineering, etc.
  • Phishing-resistant second factors were only, unfortunately, used in 1.82% of all logins. This lack of strong MFA adoption implies that more account attacks and takeovers, issues with regulatory compliances, and more are on the horizon for those not securing appropriately.
  • 24.15% of accounts in an average enterprise are reportedly dormant, i.e. some of the lowest-hanging fruit for eager attackers. Oort emphasizes the cleanup of old accounts (and the double and triple checks necessary for admin accounts, in particular).
  • 79.87% of application accounts go unused every month, highlighting that users may have access to too many applications and sensitive data. Reining in the right permissions is key; unnecessary access can lead to excessive licensing and disturbances to data. Reducing user access and honing how visibility is granted can really help.

Overall, Oort’s research impresses how vital it is for enterprises to tighten visibility in order to decrease their attack surface, as well as the necessities of enforcing proper MFA and ensuring that IAM hygiene is not left poor, thus leaving accounts and more at risk.

“The vast majority of successful breaches in the past year were the result of account takeover, or ATO,” said Matt Caulfield, Oort’s founder and CEO. “The research illustrates just how easy enterprises are making it for attackers to target their identities and launch successful ATO attacks.”

“Organizations can easily decrease these risks,” Caulfield continued, “by prioritizing identity security, understanding their attack surface, tapping into IAM hygiene issue visibility, and setting up MFA compliance. You have to stay laser-focused in order to secure identities and stop account takeover.”

Edited by Greg Tavarez
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Related Articles

Wildix Integrates into HubSpot App Marketplace

By: Greg Tavarez    2/23/2024

Wildix announced their official listing in the HubSpot App Marketplace, an ecosystem of valuable third-party integrations.

Read More

1Password Locks Down Anywhere Workforce with Kolide Acquisition

By: Greg Tavarez    2/23/2024

1Password acquired Kolide, known for device health and contextual access management, to strengthen its position in securing the modern, hybrid workfor…

Read More

Partner Confidence and Fast Support: Why MSPs Choose Wildix

By: Greg Tavarez    2/21/2024

At MSP Expo 2024, a meeting with Tim TrueLove in the exhibit hall led to a discussion of what Wildix brings to MSPs.

Read More

MSPs Must Better Educate Clients Against Cyber Threats

By: Greg Tavarez    2/20/2024

Walt Czerminski, partner, Fortium Partners, led a panel discussion at MSP Expo 2024 featuring Ragav Khosla, manager, channel solutions consultants Ame…

Read More

Cybersecurity Preparedness Gaps Remain

By: Stefania Viscusi    2/20/2024

More than half of companies faced significant security incidents in the past year.

Read More