The rise of identity-related cyberattacks: costs, challenges and the role of AI
Identity-related cyberattacks are the stealth predators of the cybersecurity landscape and pose an unprecedented threat to organizations worldwide. According to a recent report titled “2024 State of Passwordless Identity,” 78% of organizations have been the target of such attacks in the past 12 months. This alarming statistic underscores the urgent need for effective identity management security measures.
The financial damage caused by identity-related breaches is a global crisis, costing billions of dollars every year. The alarming cost of authentication attacks varies across the world – last year it averaged $5.58 million globally ($6.4 million in the US and $4.99 million in EMEA). The damage from identity fraud alone cost organizations an average of $2.78 million annually ($4.34 million in the US, $2.52 million in EMEA), underscoring the urgent need for robust identity security measures. These figures paint a grim picture of the economic havoc wreaked by cybercriminals who exploit vulnerabilities in identity systems.
What factors contribute to these breaches? The ongoing trend of credential abuse and authentication weaknesses is the root cause of attacks on the majority of organizations. Despite the frequency of these attacks, half of organizations worldwide lack confidence in their ability to detect a breach, leaving them vulnerable to ongoing and subsequent attacks.
The complexity of authentication processes also poses a major challenge. On average, employees in the US and EMEA use four different types of authentication methods every day. This complexity can lead to frustration and inefficiency. To make matters worse, most employees in the US and EMEA have to wait up to three hours for their identity to be confirmed by the service desk. In addition, password-related issues account for about a third of IT help desk spending. These vulnerabilities impact productivity and underscore the need for more efficient and user-friendly authentication solutions.
Co-founder and CEO, HYPR.
The AI and cybersecurity paradox and the need for deterministic identity controls
In recent years, the increase in IT security attacks has forced organizations to quickly overhaul their identity security systems. Organizations are deploying AI tools to prevent attackers from exploiting poor defenses. While AI can improve security measures, it is not a panacea. Identity assurance remains a critical priority. Without it, organizations are vulnerable to breaches, loss of efficiency, and doubts from both customers and internal parties. To address evolving threats and improve security, organizations must make a fundamental shift toward deterministic identity controls.
Generative AI is a double-edged sword in identity security. While 60% of organizations worldwide consider it a major threat, 75% of companies believe it offers a strategic advantage over cybercriminals. This paradox highlights the dual role of AI in cybersecurity: both a significant threat and a powerful defensive tool.
The shift towards passwordless adoption and seamless identity verification
Misuse of credentials or weak authentication methods are often cited as the most common cause of a breach – in 2022, this figure rose to 82%. This alarming statistic underscores the continued need for robust identity protection measures. Traditional authentication methods such as passwords are increasingly vulnerable to sophisticated attacks. Cybercriminals exploit these weaknesses, causing significant financial damage and reputational loss to companies.
Adopting passwordless practices is becoming an important strategy in the fight against cyber threats. By eliminating passwords, companies can significantly reduce the likelihood of credential-based attacks. Passwordless authentication methods such as biometrics and hardware tokens provide a higher level of security and a more secure user experience.
Furthermore, frictionless identity verification is essential to maintain security without compromising the user experience. Traditional verification methods often introduce friction, leading to user frustration and potential security vulnerabilities. Frictionless identity verification uses advanced technologies such as AI and machine learning to prove that someone is who they claim to be. This approach increases security and improves user satisfaction and trust.
The role of deterministic identity controls and the costs of inaction
Organizations must implement deterministic identity controls to address the evolving threat landscape. Unlike probabilistic methods that rely on statistical models and predictions, deterministic controls provide a higher level of accuracy. With these controls in place, it is possible to reduce the likelihood of unauthorized users accessing sensitive data.
The cost of inaction on identity security is significant. Breaches due to credential misuse and authentication weaknesses can cost organizations millions of dollars annually. Aside from financial losses, breaches undermine stakeholder trust and damage an organization’s reputation. It is clear that organizations need to take urgent action to improve their identity security frameworks.
As the cybersecurity landscape continues to evolve, identity security strategies must also evolve. It cannot be overstated how important it is to stay ahead of new threats and implement innovative solutions. While AI will undoubtedly play a significant role in the future of identity security, robust deterministic controls and a focus on identity assurance are important additions.
In summary, the rise in IT security attacks has highlighted the need for organizations to revise their identity security frameworks. While AI offers significant potential, it is not a panacea. Identity assurance is essential, and organizations must prioritize deterministic identity controls to address evolving threats and improve security. By adopting identity-first security strategies, prioritizing the adoption of passwordless systems, and implementing frictionless identity verification, organizations can improve their security posture and protect themselves from the ever-evolving threat landscape.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we highlight the best and brightest minds in technology today. The views expressed here are those of the author and do not necessarily reflect those of TechRadarPro or Future plc. If you are interested in contributing, you can find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro