Phishing was the most common type of identity-related incident in 2022, according to a study by Identity Defined Security Alliance (IDSA), a non-profit, identity and security intelligence firm.
“With a spike in digital identities comes an increase in cyberattacks targeting them. By far the most significant reason behind this was employees unknowingly clicking on a phishing email,” according to the report.
The study interviewed 529 IT security and identity professionals from organisations with more than 1000 employees.
Phishing-led incidents had a direct business impact
Sixty-two percent of the respondents said they had an identity-related incident in 2022 that can be linked to phishing. Among these, 93% said they had suffered an email phishing attack.
A significant (49%) fraction also revealed spear phishing as a common type of their organisations experienced in the last year, with another 27% being the victims of vishing or smishing incidents.
Identity-related attacks were driven by additional factors, including employees using identical passwords for both their work and personal accounts, making up for 37% of such attacks.
Hackers utilising social engineering techniques, employees utilising non-authorised devices, and users sharing their credentials with colleagues also contributed, with each factor accounting for 31% of the attacks.
“For most attackers, the ultimate goal is to access and exfiltrate data, and the easiest way to access data is by exploiting an existing identity with pre-authorised access to sensitive data. This is driving both the increasing volume and increasing variety of identity-related attacks,” said Jack Poller, an analyst at ESG Global.
“And with this increasing volume comes increased awareness of the role identities play in attacker tactics, techniques, and procedures (TTPs), and increasing understanding of the importance of securing identities.”
Over two-thirds experienced direct business impact as a result of an identity-based attack in the last 12 months. “The most significant impact was the cost of recovering from the breach (39%), followed by distraction from core business (33%) and the negative impact on the company’s reputation (25%)”, the company added.
Securing identities remains a top priority
Eighty-six percent of the respondents have placed managing and securing digital identities as a top five priority, with 17% seeing it as the number one concern. Only 4% of businesses don’t see them as even a top 10 priority.
This increased focus is being driven by companies seeing a significant increase in the number of identities, according to the report.
The critical factors driving this increase were identified as the growing adoption of cloud applications (52%), the rise of remote working (50%), more mobile device usage (44%), and more third-party relationships (42%).
In response to such incidents, 58% of security teams triggered their existing incident response plan, and 57% also notified their management team.
The focus on contingency has also seen a spike, as the majority of businesses (80%) expressed interest in cyberinsurance for identity-related incidents with 48% having already invested in some coverage.
“Due to the frequency of identity-related breaches, some cyberinsurance underwriters are taking identity security into account, both for providing cyberinsurance and for rate determination,” Poller said. “Specifically, some policies now require strong authentication – i.e., phishing-resistant or passwordless authentication.”