Phishing, stolen identities, and weak passwords were the leading causes of data breaches in 20181, placing users and their credentials at the forefront of your network defenses. This reality hasn’t caught up with most organizations, though. According to Gartner, companies were predicted to spend $96.3 billion on security in 2018. Yet, only $4.7 billion was supposed to go towards identity and access management, while the rest was supposed to go towards infrastructure protection, network security equipment, security services, and consumer security software2. Spending more on segments like security services and infrastructure protection may have been adequate a decade ago, but today’s prevalent cloud-forward IT environments call for an approach that takes identity security more seriously. Those who have experienced a data breach would agree, with 68% of executives acknowledging that a larger investment in identity and access protection could have helped in preventing a breach3.
After all, consider this:
191 accounts used by the average user
10% of those accounts are controlled by IT**
61% of users leverage same or similar passwords across all online resources*
123456 & password are the top 2 most popular passwords of 2018***
446 million records were exposed in 2018 alone.†
With the number of records exposed in 2018, that’s enough to have affected the entire U.S. population and then some. This means that a majority of your employees have compromised credentials. To make matters worse, over half of your employees are using the same passwords across accounts, and those are supposed to guard access to your company’s data. So, it’s only a matter of time before a hacker finds one of your employee’s reused passwords from the 1.4 billion available on the dark web7 and uses it to try to gain access to your digital assets. If you do have identity security in place, more than likely you are utilizing an antiquated solution that is putting you in a weak position to defend your digital kingdom. If you don’t have any identity management solutions in place, you are open to a world of risk and expense.
So, why are 60% of execs who haven’t experienced a breach still expecting to allocate most of their security budget to creating a strong perimeter even though the number one attack vector is identities3? Why are legacy identity management solutions no longer sufficient? The answer to both of these questions requires a deep dive into why it’s time to take identity security seriously.