Identity at the Center Identity At The Center #44 - IDSA Report-Identity A Work In Progress
May 18, 2020
Jim and Jeff dive into the latest findings from the IDSA report, revealing that 94% of surveyed companies experienced identity-related breaches. They discuss the critical role of phishing and the importance of multi-factor authentication (MFA) in preventing these incidents. The duo examines the surprising prevalence of internal breaches and debates user education versus technical controls. With insights on the economics of attacks and emphasizing strict access controls, they underscore that investing early in identity management can significantly reduce the risk of breaches.
AI Snips
Chapters
Transcript
Episode notes
Identity Breaches Are Nearly Universal
- 94% of surveyed orgs experienced an identity-related breach, with 79% within two years, showing the ubiquity of identity risk.
- Jim McDonald emphasizes most breaches ultimately involve credentials and attackers "log in" rather than break in.
Make MFA The New Baseline
- Make multi-factor authentication (MFA) a baseline and enforce it for sessions and high-risk access paths.
- Jeff Steadman and Jim recommend adaptive prompts when new devices or risky sessions appear to block credential misuse.
Insider Risk Is A Major Vector
- About one-third of breaches are internal, including compromised insider credentials, so insider threat remains significant.
- Jeff Steadman notes internal incidents may include outsiders using stolen insider accounts, but identity is still the core vector.