Threats against identities and their protections are worsening. Cybercriminals are more interested in stealing and abusing compromised credentials, organizations often can’t detect exposed credentials on the dark web, and visibility into the actions and behaviors of service accounts is lacking. Threat actors are increasingly leveraging social engineering for compromising credentials. Internally, most organizations lack the optics and processes to detect identity-led threats.

New identity security solutions are emerging to protect identities—both human and non-human—by layering additional protections on identity and access management tools. These include solutions for visibility, governance, and autonomous remediation. While the organizations in this research claim high maturity for current identity security deployments, evidence of high maturity is lacking for most. All organizations must urgently revisit their identity security protections, deploy new or advanced solutions to strengthen identity security posture, and reduce exposure to the negative implications of identity-led threats.

KEY TAKEAWAYS

The key takeaways from this research are:

• Identity-led and identity-implicated threats are escalating
  72.1% of the organizations in this research say that the threat level of 15 identity-led and identity-implicated cyberattacks has increased or remained unchanged over the past 12 months. The use of AI by threat actors to create highly personalized attacks had the most significant increase.


• The importance of identity security technologies is rising rapidly
  Across 22 identity-related capabilities, average importance is anticipated to increase from 47% two years ago to 68.1% in two years. The ability to detect identity misuse persists as the most important capability, and capabilities that enable the rightsizing of access rights increase in importance the most.


• Claims of high maturity in identity security deployments lack supporting evidence
  68.7% of organizations claim their current identity security deployments are mature, yet flow-on outcomes undermine this assertion. Organizations claiming high maturity would be well advised to check alignment with actual outcomes—and take the necessary steps to address systemic weaknesses.


• Improving visibility into identity threats is fundamental
  Over three quarters of organizations have less than full and complete visibility into 14 different identity threats and security fundamentals. Lack of visibility into identity vulnerabilities is a critical shortcoming to address because identity-led attacks start with just one compromised identity-related asset, such as a credential for sale on a dark web forum. Enhanced visibility combined with automated detection and remediation of compromised credentials is essential for closing this gap.


• Identity configurations in identity platforms need resilience and recovery options
  Identity configuration data—especially in platforms like Microsoft Entra ID—is a blind spot in many security strategies. Organizations must back up identity platforms as they would any other critical system to ensure resilience and recovery.