Many IT Pros Doubt the Ability to Effectively Defend Against Identity Theft
Ninety-four percent of survey respondents said their company had an identity theft related security breach. Eighty percent said they had suffered a breach within the last year. Email phishing was the top security compromise cited by respondents. Stolen credentials, brute force password attacks, and social engineered passwords were also listed as top attack vectors.
Nineteen percent of respondents state their company has had an identity theft within the last year. Seventy four percent reported an incident with then last two years. And only six percent stated they has not had any identity theft.
The survey is concerned with two types of stolen identities. That of the corporate workforce identities – employees, privileged users, and partners. It also asked about the credentials for applications, online accounts, and hardware. The identities are not necessarily associated with a person. Both types of identities need to be protected from hackers.
The survey, conducted by Dimensional Research, included 1,000 companies. The 502 respondents were all security and identity professionals from a mix of industries, company sizes, and job levels. The respondents were asked to rate their confidence in their company’s overall ability to effectively manage and secure all types of identities and whether or not they were proactive about their strategies.
Most (99%) felt that the security breaches were preventable. When asked about confidence in their company’s overall ability to effectively manage and secure all types of identities.
• 74 percent reported that they are somewhat or not confident
• Only about one-quarter (26%) report they are very confident
Stolen identities are used to commit a variety of fraud. Stolen names and personal information can be used to collect more sensitive information like birthdates, governments IDs, as well as login credentials. When some identity is stolen it can result in monetary theft or medical fraud. Compromised identities from internet connected devices can be used to break into computers, corporate networks and move laterally through networks to steal access and credentials of more connected devices. Once a network in compromised it is possible to install malware that persists over long periods of time to exfiltrate sensitive corporate and personal information and information.
• 94% have had an identity-related breach
• 79% have had an identity-related breach within the past two years
• 99% believe their identity-related breaches were preventable
While the vast majority of the security and identity professionals (94%) surveyed have experienced an identity related breach, only 34% say their company has a forward-thinking security culture. Worse yet 59% reported their company was reactive.
Improved security awareness and training can help prevent identity theft. In fact, that training was the top area that 71 percent of respondents identified as important. But that is not the only process that can hep safeguard data. A better workplace security culture, improved technology, expertise to deploy technology all play a role in cyber security.
Brute force password attacks, phishing and, social engineering are not the only wats to steal credentials. Hacker also use malware, password spraying attacks to steal credentials. Data from previous breaches can be bough on the dark web.
Access the full report here.