The article also suggests strategies to improve identity security, such as having the identity team report to security, understanding and addressing identity security gaps, and implementing a "least privilege" access approach. Kovetz concludes by urging security and business leaders to prioritize protection and prevention in their future planning and budgeting, to meet regulatory guidelines and enhance their organizations' security postures.
Key takeaways:
- 83% of organizations have experienced data breaches involving compromised credentials, and 65% haven't implemented multifactor authentication (MFA) where it matters, leaving their identity security posture vulnerable.
- Existing identity security solutions like MFA and privileged access management (PAM) are unable to secure a significant portion of critical resources such as legacy systems, command-line interfaces and IT/OT infrastructure.
- Security leaders need to take a more proactive approach that focuses on real-time prevention of malicious access to meet stricter guidelines put in place by cyber insurance companies.
- Security and business leaders should prioritize protection and prevention in a unified manner that transcends the IAM silos and applies it across every user, resource and environment to meet SEC guidelines and ensure their organizations' security postures are at their best.