Identity-related breaches drive enterprise cyberattacks

Sophos report: identity at the heart of most enterprise cyberattacks

Identity-related Breaches: A Growing Cyber Threat

Identity-related breaches have become a leading factor in enterprise cyberattacks. A recent Sophos survey of 5,000 security leaders found that seven in ten organisations suffered at least one identity-related incident in the past year. This highlights the urgent need for robust identity and access management across all sectors.

The Shift from Perimeter Security to Identity Protection

Traditionally, organisations focused on protecting network perimeters through firewalls and intrusion detection systems. However, the rise of cloud adoption, remote work and machine-to-machine connectivity has expanded the attack surface. Every credential, API key, service account and OAuth token now acts as a potential entry point for cybercriminals.

Why Identity is Now the Main Target

Attackers increasingly use identity as the main point of compromise. By exploiting credentials, hackers can bypass traditional security defences, move laterally within systems and access sensitive data much faster. Chester Wisniewski, Director, Global Field CISO at Sophos, explains that the cybersecurity perimeter is now defined by identity rather than physical boundaries.

  • 70% of organisations experienced an identity-related breach in the last year.
  • On average, organisations reported three separate identity incidents.
  • Two-thirds of ransomware attacks began with identity compromise.
  • Recovery costs ranged from $250,000 to $1.64 million per incident.

Impacts Across Critical Sectors

Identity-based attacks affect sectors vital to national infrastructure. Oil and gas, utilities and government agencies reported the highest breach rates. A successful identity attack can disrupt critical operations, cause financial losses and damage public trust. The cost of recovery further impacts budgets and resources, with a mean recovery cost of $1.64 million and a median of $750,000.

Human Error and Non-Human Identity Management Gaps

Many breaches stem from a combination of human mistakes and poor management of non-human identities. Only 24% of organisations regularly monitor for unusual logins, and fewer than one-third rotate non-human credentials such as API keys or service account passwords. These gaps give attackers opportunities to exploit overlooked vulnerabilities.

Strengthening Identity and Access Management in Organisations

Organisations must prioritise identity security to reduce risk and prevent costly breaches. The Sophos report offers several recommendations for improving identity protection.

Key Steps to Enhance Identity Security

  • Implement Multi-factor Authentication (MFA): Require MFA for all users, especially privileged accounts and sensitive systems.
  • Monitor for Anomalous Logins: Set up alerting for unusual login patterns, such as access from unfamiliar locations or devices.
  • Regularly Rotate Credentials: Change passwords, API keys and service account credentials at frequent intervals to limit exposure.
  • Audit Access Rights: Review and update user permissions to ensure only authorised individuals have access to critical systems.
  • Educate Staff: Train employees to recognise phishing attempts and follow best practices for secure credential handling.

Enhancing Security for Non-Human Identities

  • Automate Credential Management: Use tools to manage, rotate and expire credentials for machine-to-machine connections.
  • Limit Privileges: Apply the principle of least privilege to service accounts and automated processes.
  • Monitor Machine Activity: Track activity from non-human identities and investigate unusual behaviour promptly.
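
The login-monitoring and credential-rotation steps above, sketched as an added example (not from the Sophos report or CyPro): it flags logins from a country or device not previously seen for that user and lists non-human credentials past a rotation window. The record fields, sample data and 90-day window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records; field names are assumptions, not a real log schema.
LOGINS = [
    {"ts": "2025-03-01T08:02:00+00:00", "user": "alice", "country": "GB", "device": "lt-0142"},
    {"ts": "2025-03-02T08:05:00+00:00", "user": "alice", "country": "GB", "device": "lt-0142"},
    {"ts": "2025-03-02T23:40:00+00:00", "user": "alice", "country": "BR", "device": "unknown-7f"},
    {"ts": "2025-03-03T09:00:00+00:00", "user": "bob", "country": "GB", "device": "lt-0200"},
    {"ts": "2025-03-04T09:10:00+00:00", "user": "bob", "country": "GB", "device": "ph-0031"},
]
CREDENTIALS = [
    {"id": "svc-backup/api-key", "last_rotated": "2024-09-01T00:00:00+00:00"},
    {"id": "svc-ci/password", "last_rotated": "2025-02-20T00:00:00+00:00"},
    {"id": "svc-legacy/api-key", "last_rotated": None},  # never rotated
]
MAX_AGE = timedelta(days=90)  # assumed policy; the report names no interval


def unfamiliar_logins(events):
    """Flag logins whose country or device is new for that user."""
    seen = {}    # user -> {"country": set(), "device": set()}
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        known = seen.get(ev["user"])
        if known is None:
            # First sighting seeds the baseline instead of alerting.
            seen[ev["user"]] = {"country": {ev["country"]}, "device": {ev["device"]}}
            continue
        reasons = [f for f in ("country", "device") if ev[f] not in known[f]]
        if reasons:
            alerts.append((ev["user"], ev["ts"], reasons))
        for f in ("country", "device"):
            known[f].add(ev[f])
    return alerts


def stale_credentials(creds, now, max_age=MAX_AGE):
    """Return ids of non-human credentials overdue for rotation."""
    overdue = []
    for c in creds:
        rotated = c["last_rotated"]
        if rotated is None or now - datetime.fromisoformat(rotated) > max_age:
            overdue.append(c["id"])
    return overdue


if __name__ == "__main__":
    now = datetime.fromisoformat("2025-03-05T00:00:00+00:00")
    for alert in unfamiliar_logins(LOGINS):
        print("unfamiliar login:", alert)
    print("rotate:", stale_credentials(CREDENTIALS, now))
```

This sketch adds every new value to the baseline once it has alerted; a production rule would hold the value out of the baseline until the alert has been triaged.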

Why Identity Security Matters for Every Organisation

Identity-related breaches are now a leading cause of ransomware and other serious cyber incidents. Attackers favour identity compromise because it offers a quick route to sensitive data and critical systems. The financial and operational impacts are significant, with high recovery costs and potential reputational damage. For organisations of all sizes, strengthening identity and access management is essential to safeguarding assets and supporting business continuity.

Adopting a Strategic Approach to Identity Security

  • Assess Current Practices: Review how identities (both human and non-human) are managed and protected.
  • Invest in Technology: Deploy solutions that automate monitoring, credential rotation and anomaly detection.
  • Develop Policies: Create clear policies for credential management, access reviews and incident response.
  • Engage Leadership: Ensure executive support for identity security initiatives and allocate appropriate resources.

Identity security is not just an IT issue. It affects overall organisational resilience, regulatory compliance and public trust. By proactively addressing identity risks, organisations can reduce the likelihood of breaches and position themselves for a safer digital future.

Originally reported by cybersecuritydive.com.

About the Author

Rob McBride

Partner

  • CISSP
  • ACA Chartered Accountant
  • MPhil
  • BSc
  • SOC 2
  • ISO 27001

Rob is a Founding Partner at CyPro and a highly experienced CISO. Beginning his career with a successful tenure at Deloitte, Rob has since amassed a wealth of experience, notably serving as a cyber security advisor to the UK government and spearheading cloud security transformations for several global banks.

At CyPro, Rob leads the managed service business line, working extensively across multiple sectors including telecommunications, technology, higher education, travel, and retail. He is passionate about equipping small and medium-sized businesses (SMBs) with robust cyber security strategies to fuel their growth.

Published
May 27 - 2026