Cases of identity theft, data breaches, and cyber fraud continue to rise, resulting in significant losses for those affected. As such, there is a lot of pressure on organizations to take proactive steps to ensure that they are using the latest and greatest techniques and technologies in order to adequately protect the credentials and other personal data they are entrusted with. After all, a failure to do so could result in costly lawsuits, fines, and damage to their reputation. Below is a round-up of the key identity security trends that will likely see in 2023.
Top Identity Security Trends
1. A stronger focus on remote access security
Since COVID-19 arrived on the scene at the beginning of 2020, a large number of employees began working from home, and many continue to do so. However, the transition happened quickly, and many organizations were not prepared for the security challenges that arose as a result. According to the following article, remote work has increased the average cost of a data breach by USD 137,000. The main problem with allowing employees to work from home is that it creates a larger attack surface because employees are accessing corporate resources outside of the traditional, secure environment. Increasingly sophisticated phishing attacks and ransomware are becoming more common, and so companies should invest in security awareness training, multi-factor authentication solutions, strong VPNs, and develop comprehensive data security policies and procedures.
2. A greater emphasis on security awareness training
Since 85% of data breaches are due to the “human element”, according to the 2021 Data Breach Investigations Report, there clearly needs to be a greater emphasis on training to ensure that all employees understand the threats they face, the potential consequences of a breach and how to recognize common cyber attack tactics. Training should cover topics such as phishing, malware, and ransomware, as well as basic security practices such as password hygiene and data safety. Training should also provide employees with the necessary resources for reporting suspicious activity.
3. An increase in demand for unified identity solutions
According to the 3rd Annual Global Password Security Report, by LastPass, SMB employees manage as much as 85 passwords, and employees at larger companies manage up to 25 passwords. Yet, only half of companies offer a single sign-on solution that would allows employees to sign in to more than one account with a single password. A unified identity solution reduces the need for multiple authentication solutions, making user authentication simpler and more secure.
4. An increase in adoption of MFA
Multi-factor authentication (MFA) requires users to provide multiple forms of authentication, such as a password and a one-time code sent to their phone, in order to gain access. This makes it much more difficult for hackers to gain access to corporate resources, as they must have multiple pieces of information. Microsoft has found that MFA blocks 99.9% of automated cyberattacks on their platforms and services, according to one of their blog posts. Yet, despite its effectiveness at preventing cyber-attacks, only about 11% of organizations use MFA overall. We will no doubt see an increase in the adoption of MFA in 2023.
5. More companies will shift towards the Zero Trust model
According to The State of Zero Trust Security 2021 report by Okta, Zero Trust has increased in priority for 78% of businesses, and this trend will no doubt continue in 2023. Companies are adopting the Zero Trust model to reduce the attack surface and ensure that access to corporate resources is granted only to those who need it, in accordance with the principle of least privilege (PoLP). This model requires users to authenticate before any kind of access is granted, and all access is monitored and controlled.
6. The use of distributed ledger technology for IAM
I have doubts that companies are going to start using distributed ledger technology for IAM in 2023. However, since many companies are exploring the possibility of using the blockchain for this purpose, I thought I’d add it to the list anyway. While there might be ways to use blockchain technology to improve identity security, it wasn’t designed for that purpose. The main problem that the blockchain was designed to solve was the “double-spend” problem, where a participant spends the same money twice. However, this is only relevant to financial transactions. When dealing with data, you can theoretically copy it and send it to whoever you want, as many times as you want. As such, the main benefit of using the blockchain to store personal data is negated. Another issue relates to permissions, as the blockchain is supposed to be permissionless. Sure, you can ask your users to authenticate to your centralized IAM solution in order register an identity, but so can attackers if they manage to compromise a traditional user account. One way or another, if a company wants to restrict access to their IAM solution, and thus their data, they will need the ability to approve accounts before they can be registered. Likewise, since the blockchain is an immutable ledger, it is not possible to remove accounts or data, and thus the “right to be forgotten” becomes irrelevant. There are many other reasons why the blockchain might not be suitable for the purpose of identity access management, such as its implementation costs, complexity, and scalability issues. That said, in the long term, distributed ledger technology (combined with personal data stores) might play an important role in data security – but it’s unlikely to be used in the way that people think.
7. Using AI/ML to bolster identity security
Artificial Intelligence (AI) and Machine Learning (ML) can be used to improve identity security by providing better analytics and predictive insights. AI and ML can be used to detect anomalous patterns in user behavior, continuously monitor access, and provide timely alerts and real-time responses when needed. Many modern real-time auditing solutions, such as the Lepide Auditor, use machine learning models to learn typical usage patterns, which can be tested against in order to identify and respond to anomalous events. They can also detect and respond to events that match a pre-defined threshold condition, such as when X number of login attempts fail within a given time frame. As increasingly more companies switch to a hybrid IT environment, the need for solutions that can aggregate and correlate event data from a wide range of sources will continue to climb.
How to Enhance Identity Security with Lepide
Lepide Data Security Platform offers various solutions to enhance identity security for organizations, such as:
- Auditing and reporting: Lepide allows companies to monitor and report on user activity, which can aid in identifying and addressing potential security risks or breaches. The Lepide Auditor can provide real-time insights into user actions and notify administrators of any suspicious activity.
- Access control: Lepide can assist companies in controlling and monitoring access to company resources and data, thus preventing unauthorized access or misuse of sensitive information and alerting administrators to potential threats.
- Threat detection and response: Lepide’s solutions include capabilities for identifying and responding to security threats, such as malware or ransomware attacks. These features can notify administrators of potential threats and provide tools to mitigate the impact of the threat.
- Reducing the threat surface: Lepide can identify inactive users, open shares, outdated data and other areas of risk that administrators can address. Archiving stale data, cleaning up inactive users, and removing open shares can all contribute to limiting the threat surface.
If you are interested in seeing how Lepide Data Security Platform can help bolster identity security, schedule a demo with one of our engineers.