There is one important truth that organizations need to face right now: the number and nature of digital identities is changing, and these changes pose a direct risk to enterprise IT security.
According to the recently published 2024 Trends in Securing Digital Identities report from the nonprofit Identity Defined Security Alliance (IDSA), of which BeyondTrust is a proud supporter and member, 90% of organizations experienced at least one identity-related incident in the past year. This figure has held steady, at 90%, since 2023. Moreover, 84% of identity stakeholders that incurred an identity-based breach over the past year said they suffered a direct business impact as a result, up from 68% who said this in 2023. The most prevalent breach impact cited (52%) was distraction from the core business.
It’s not pure coincidence that the rise in number and complexity of identities has coincided with a rise in identity-related breaches. Identities are increasing both in type and number, and this changes the dynamic of identity protection.
The new edition of the IDSA report, which they publish annually, also revealed some intriguing stats related to how organizations are (and should be) responding to identity-based threats and the changing landscape. This blog will break down the key findings from this year’s report to help you understand:
- The source of highest identity-based risk for organizations
- Core impacts of an identity-related breach
- Details on the identity security implementation trends across organizations
- Proven key strategies to help with identity-related threat prevention
- How cybersecurity best practices can help in obtaining cyber insurance coverage
- How the growing adoption of Artificial Intelligence (AI)/Machine Learning (ML) technologies can bolster threat detection efforts, and how passwordless solutions might improve defenses.
This blog is meant to be a comprehensive guide to the state of identity security in 2024.
Identity-Based Attacks: This Year’s Findings
This year’s IDSA report findings painted a jarring picture of the growing complexity of identity management and its impact on organizations. Here’s a more detailed breakdown of the key factors contributing to this trend, as outlined in the 2024 Trends in Securing Digital Identities report.
With identity sprawl, the number of identities organizations manage continues to grow. Phishing attempts account for almost two-thirds of identity-related incidents. An astonishing 84% of identity stakeholders said identity-related incidents directly impacted their business, up from 68% in 2023, and security outcomes remain a work in progress.
How would you characterize the importance of effectively managing and securing digital identities within your company’s security program in 2024?
According to the report, 98% of businesses see securing identities as a top 10 priority. This trend of increasing priority is a positive recognition of the importance of identity.
More than half of respondents (51%) said they now see securing identities as a top 3 priority, and 22% of businesses see it as the number one priority of their security program, up from 17% in 2023.
![](https://assets.beyondtrust.com/assets/documents/Importance-of-Identity-Security.png)
IDSA found 93% of responding businesses are focusing on managing identity sprawl, with 57% saying it’s a ‘major’ focus.
The increased focus on securing digital identities is not surprising given the emergence of identity sprawl. The 2023 Microsoft State of Cloud Permissions Report found that workload identities outnumber human identities 10:1. Additionally, the #1 ranked threat to cloud computing is insufficient controls around identities, credentials (passwords, keys, etc.), access, and privileged accounts, according to the non-profit Cloud Security Alliance (CSA).
Identity sprawl refers to the uncontrolled expansion and proliferation of user identities and access credentials within an organization's IT environment. It occurs when users accumulate multiple accounts, permissions, and access rights across various systems, applications, and services without proper management or oversight.
We all have a unique identity. When translated to technology, we have more than one account associated with our identities, and threat actors target our accounts to infiltrate an environment. If you consider how many accounts an individual may have to perform their role within an organization, protecting users’ identities is one of the best strategies to prevent identity-based attacks. After all, today it is easier for a threat actor to log in than to hack in, and any single account could result in a path to privileged access if not properly monitored and secured.
This increase in digital identities comes with the cost of a growing attack surface, and the subsequent increase of cyberattacks exploiting them.
Top Identity-Based Breaches of 2024
Now that we’ve peeked at what’s driving the proliferation of identities, let’s take a closer look at the specific types of identity-related breaches most often reported by organizations in 2024, along with the best ways to protect your organization against them.
Below is the IDSA’s breakdown of the different types of identity-related incidents organizations incurred over the past year.
![](https://assets.beyondtrust.com/assets/documents/2024-Identity-Related-Incidents.png)
1. Phishing
As the figure above illustrates, the most commonly experienced identity security incident in 2024 was phishing, at 69% (up from 62% in 2023).
This isn’t a coincidence. According to APWG’s quarterly Phishing Activity Trends Report, almost 5 million phishing attacks had been observed by the end of 2023, making it the worst year on record.
What are Phishing attacks and their risks?
Phishing attacks are a prime entry point for threat actors. These attacks often succeed in the initial compromise of an environment, usually with a malicious link or attachment, and then commonly perform information gathering, which can be used later to exploit a weakness that presents itself.
What are the top ways to mitigate the risk of phishing attacks?
- Enforce frequent installation of updates company-wide to ensure the latest security patches are in place
- Implement least privilege access and removal of admin rights
- Deploy SPAM filters and firewalls to intercept malicious emails before they reach a user’s inbox
- Provide regular training to all employees so they can better identify and report phishing attempts.
2. Stolen Credentials
Employee behavior continues to affect identity-related incidents. Most organizations are concerned about employees using corporate credentials for social media, at 89% of respondents.
![](https://assets.beyondtrust.com/assets/documents/misused-credentials.png)
Additionally, 37% of the organizations surveyed by the IDSA reported that stolen credentials resulted in a breach, making poorly managed credentials the second-leading cause of breaches in 2024.
Poor password hygiene
Compromised passwords remain a common way to hijack accounts and breach networks. The IDSA report identified passwords as a critical point when it comes to identity security.
What are the top credential-based risks?
Passwords are one of the weakest links when it comes to enterprise cybersecurity. Compound this with poor password management policies, the surge of technology devices and applications being used by each employee, and the fact that threat actors are becoming increasingly sophisticated, and you have a perfect storm railing against your cybersecurity infrastructure. A breach of credentials can have serious implications for an organization, including:
- Enabling account hijacking, potentially one with privileges, entitlements, or permissions
- Enabling lateral movement of threats within the network
- The compromise of multiple systems, accounts, and users
- The launch of ransomware and other malware attacks
- Threat actors gaining access to funds, sensitive data, intellectual property, and/or customer information
- Data breaches
What are the top mistakes organizations make when it comes to passwords?
- Common and reused passwords
- Embedded credentials
- Default credentials
- Shared credentials
- Reused security questions
- Lack of automated password managers
Top ways to reduce the risk of password-based attacks
Since it may not be possible to go fully passwordless, here are the best practices for mitigating the risk of password attacks:
- Use enterprise password management software
- Discover and onboard all passwords
- Create long, random, unique passphrases (NIST recommends up to 64 characters, including spaces)
- Enforce the prevention of password reuse or credential sharing
- Implement multi-factor authentication (MFA)
- Implement password rotation (only for privileged credentials, or for standard user credentials that are compromised or at risk)
3. Brute force attack, including password spraying or credential stuffing
Brute force attacks are a common cyberthreat. These attacks involve attempts to gain unauthorized access by systematically trying numerous password combinations. Brute force attacks, including credential stuffing and password spraying attacks, came in third (35%) on the list of identity-related breaches experienced by organizations this year. Another 32% of the organizations surveyed reported socially engineered passwords as a source of breach they encountered in 2024, and 33% reported compromised privileged identities. Privileged identities provide the most sensitive and broadest access, so their compromise or misuse causes the biggest impact. This helps corroborate Forrester Research’s estimate that 80% of breaches involve compromised or abused privileged credentials.
Brute force attacks can be particularly effective when leveraging techniques such as password spraying and credential stuffing. Understanding the risks associated with these methods and implementing effective mitigation strategies is crucial for protecting digital identities.
What are Common Types of Brute Force Attacks?
- Password Spraying: Attackers use a few common passwords across many accounts to avoid detection. This method takes advantage of users who employ weak, easily guessable passwords.
- Credential Stuffing: Using credentials obtained from other breaches, attackers automate login attempts on multiple sites. This exploits users who reuse passwords across different services, significantly increasing the risk of unauthorized access.
Top Ways to Mitigate Brute Force Attacks
- Implement Multi-Factor Authentication (MFA): Adds an extra layer of security, ensuring that even if passwords are compromised, unauthorized access is prevented.
- Use Strong Password Policies: Enforce the use of complex passwords and regular updates to reduce the risk of easily guessed or cracked passwords.
- Deploy Account Lockout Mechanisms: Limit the number of login attempts and lock accounts after several failed attempts to thwart automated attacks.
- Monitor and Analyze Login Attempts: Use security tools to track and respond to suspicious login patterns indicative of brute force attacks.
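As an added example (not from the IDSA report or from BeyondTrust), the sketch below shows why per-account lockout alone misses password spraying, and how counting the distinct accounts targeted from one source catches it. The log format, thresholds, and sample events are constructed assumptions.

```python
"""Spot lockout-evading login patterns in authentication events."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed look-back window
LOCKOUT_FAILURES = 5            # assumed per-account lockout threshold
SPRAY_ACCOUNTS = 8              # assumed distinct-account threshold per source


def parse(line):
    """Parse 'ISO-timestamp source username OK|FAIL' (hypothetical format)."""
    ts, source, user, result = line.split()
    return datetime.fromisoformat(ts), source, user, result == "OK"


def analyze(lines):
    """Return accounts hitting lockout, spraying sources, and accounts
    that logged in successfully from a spraying source."""
    events = sorted(parse(line) for line in lines if line.strip())
    fails_by_user = defaultdict(list)    # user -> failure timestamps
    fails_by_source = defaultdict(list)  # source -> (timestamp, user)
    successes = []
    lockout, spray = set(), set()

    for ts, source, user, ok in events:
        if ok:
            successes.append((source, user))
            continue
        cutoff = ts - WINDOW
        recent = [t for t in fails_by_user[user] if t > cutoff] + [ts]
        fails_by_user[user] = recent
        seen = [(t, u) for t, u in fails_by_source[source] if t > cutoff]
        seen.append((ts, user))
        fails_by_source[source] = seen
        # Classic brute force: many failures against ONE account.
        if len(recent) >= LOCKOUT_FAILURES:
            lockout.add(user)
        # Spraying/stuffing: few failures each against MANY accounts.
        if len({u for _, u in seen}) >= SPRAY_ACCOUNTS:
            spray.add(source)

    # A success from a spraying source means a guess probably landed.
    compromised = {u for s, u in successes if s in spray}
    return {"lockout": lockout, "spray": spray, "compromised": compromised}


def constructed_sample():
    """Constructed events, not real logs; IPs are documentation ranges."""
    t0 = datetime(2024, 6, 1, 9, 0)
    lines = []
    # Spray: two guesses per account across ten accounts; one guess lands.
    for rnd in range(2):
        for i in range(10):
            ts = t0 + timedelta(minutes=rnd * 10 + i)
            result = "OK" if (rnd == 1 and i == 6) else "FAIL"
            lines.append(f"{ts.isoformat()} 203.0.113.50 user{i:02d} {result}")
    # Classic brute force: six rapid guesses against one account.
    for i in range(6):
        ts = t0 + timedelta(seconds=10 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.7 admin FAIL")
    # Ordinary user typo followed by a successful login.
    lines.append(f"{(t0 + timedelta(minutes=3)).isoformat()} 192.0.2.10 alice FAIL")
    lines.append(f"{(t0 + timedelta(minutes=4)).isoformat()} 192.0.2.10 alice OK")
    return lines


if __name__ == "__main__":
    for kind, values in analyze(constructed_sample()).items():
        print(f"{kind}: {sorted(values)}")
```

In the sample, no sprayed account ever reaches the lockout threshold, so only the per-source view exposes the spray and the account it compromised.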
4. Compromised Privileged Identity
Coming in at the fourth spot, compromised privileged identities accounted for 33% of security incidents in the 2024 report, up from 28% in 2023.
Breaching an organization’s network via a privileged account gives an attacker fast-tracked access to sensitive data that a standard user could not reach. It also becomes easier for an attacker to execute lateral movement, escalate privileges, change settings, deploy malware, and hijack other accounts.
Top ways to protect privileged identities include:
- Implement privileged access management (PAM) solutions and processes to manage, protect, and audit privileged identities, accounts, and access.
- Onboard and manage all privileged accounts and credentials for humans, machines, employees, and vendors.
- Remove admin rights and enforce least privilege and just-in-time access (both of these are considered critical to a zero-trust security posture).
- Closely monitor privileged sessions and other privileged analytics.
The combined increase in identities, the growth of cloud environments, and erosion of the network perimeter have all contributed to the explosion of unmanaged identities, access, and sessions—and wherever unmanaged credentials reside exists a high risk of exploitation.
Let’s look at which identity-related incidents fell under the umbrella of inadequate management of privilege in 2024:
- Brute force attack, including password spraying or credential stuffing (35%)
- Compromised privileged identity (33%)
- Social engineering password (32%)
- Third-party or supply-chain attack (28%)
- Man-in-the-Middle Attack (23%)
- Insider attack (22%)
5. Social engineered passwords
This year, 23% of the organizations surveyed by the IDSA reported experiencing a threat actor socially engineer a password. This type of cyberattack involves manipulating individuals into divulging their passwords, often through deceptive tactics like phishing, pretexting, or impersonation. Social engineering exploits human psychology rather than technical vulnerabilities, making it a particularly insidious threat.
What are the top risks associated with a socially engineered password?
- Phishing: As covered earlier in this blog, attackers trick individuals into providing their passwords by pretending to be legitimate entities, often via email or fake websites.
- Pretexting: Involves creating a fabricated scenario to obtain confidential information from the victim, such as pretending to be a colleague or IT support.
- Impersonation: Attackers pose as trusted individuals or organizations to gain the victim's trust and elicit sensitive information, including passwords.
Top ways to mitigate the risk of threat actors socially engineering your password / credentials:
- Implement phishing-resistant multi-factor authentication (MFA), like FIDO2
- Enforce least privilege, such as with PAM tools. Removing admin rights, implementing application control, and minimizing any unnecessary permissions or entitlements limit an attacker’s ability to make malicious changes (to settings or by adding malware), or move laterally.
- End-to-end encryption
- User behavioral monitoring and alerting
- Continual authentication and verification of identities (a key tenet of zero trust security principles)
- Routinely rotate privileged credentials or generate dynamic secrets, enforce the creation of complex passwords, discourage password reuse across different accounts, and employ the proper check-in and check-out of highly coveted privileged credentials, preferably using an enterprise-grade password management solution.
One of the most egregious recent examples of a successful social engineering attack involved attackers simulating an entire video conferencing environment with deepfake technology to perpetrate a $25.6 million heist in Hong Kong. This incident provided a Black Mirror-esque example of how attackers are leveraging AI to up-level modern social engineering attacks.
Another attack method that is increasing in popularity among threat actors involves social engineering the help desk to bypass MFA. Okta recently issued a warning about threat actors, such as ALPHV, Scattered Spider, LAPSUS$, and others, using social engineering tactics like this one to gain access to highly privileged “super admin” roles in Okta customer tenants.
Even when stronger phishing-resistant MFA, such as FIDO2, is used, attackers are approaching help desk technicians and talking their way around security defenses, leveraging basic information about a user to request that the account’s MFA be reset. Once the help desk resets the account, the attacker can bypass MFA entirely or enroll a device that is under the attacker’s control as the second factor. In extreme cases, an attacker might even be able to get both the password and the MFA reset.
What were the biggest impacts of identity-based attacks on organizations in 2024?
![](https://assets.beyondtrust.com/assets/documents/Business-Impacts-of-Identity-Related-Breaches.png)
According to the 90% of organizations in the IDSA survey who recorded an identity-related breach in 2024, the top impacts were:
- Significant distraction from core business (52%), due to the recovery time from damages and disruption, implementation of repairs, and providing employees with any required additional training.
- Cost to recover from breach (47%), which can be compounded by the need to purchase additional equipment or software.
- Negative impact on reputation (26%), which can include a loss of confidence from stakeholders.
- Loss of revenue (26%).
- Customer attrition (24%).
- Lawsuits or other legal action (17%).
How many times did your company invoke incident response plans for an identity-related incident in the past year?
The surprising rise in the frequency of organizations invoking their incident response plans is noteworthy, with the number nearly doubling this year to 91%. Additionally, 48% of organizations reported invoking their plans more than once.
![](https://assets.beyondtrust.com/assets/documents/Incident-Response-Planning.png)
What barriers prevent your company from doing more to secure identities?
The IDSA research also highlighted key challenges that hamper security teams from improving their organization’s identity security. In 2024, the top two reasons, both at 38%, were ‘complex technology environments’ and ‘insufficient budget’. Respondents also indicated ‘not enough people,’ at 34% (up from 25% the previous year).
![](https://assets.beyondtrust.com/assets/documents/Barriers-to-identity-security.png)
Interestingly, in the fourth spot was ‘Identity frameworks are complicated, with multiple vendors and different architectures’, at 30% of respondents. This stat speaks volumes about security professionals’ frustration with technology sprawl and complexity in their organizations.
How could organizations have prevented or minimized business impact for identity-based attacks in 2024?
The IDSA survey respondents identified the following three security strategies as being most likely to have prevented the breaches they experienced:
- Implemented multifactor authentication (MFA) for all users (43%)
- More timely reviews of access to sensitive data (38%)
- More timely reviews of privileged access (38%)
![](https://assets.beyondtrust.com/assets/documents/Minimizing-the-impact-of-identity-security-incidents.png)
It’s worth noting that most of the preventative measures indicated by the respondents point to a single solution: privileged pathway management. More timely reviews of sensitive data (38%), more timely reviews of privileged access (38%), continuous discovery of all user access rights (35%), granting privileged access according to the Principle of Least Privilege (34%), and continuously discovering all privileged access rights (32%) can all be performed through privileged pathway management and the removal of admin privileges.
Not only that, but the BeyondTrust platform, particularly Identity Security Insights, can facilitate the implementation of the top 3 security strategies the IDSA respondents identified would have prevented or minimized the business impact of incidents.
Identity Security Insights can identify accounts or identities with MFA, or the lack thereof, while Privileged Remote Access and Remote Support can add phishing-resistant, two-factor authentication (2-FA), like FIDO2, further protecting vulnerable identities and their access.
Some of these preventative security strategies (continuous discovery of privileges and the removal of privileges in response to high-risk events) can even be automated with the right Privileged Access Management (PAM) solution.
Which of the following is your company investing the most in over the coming year?
![](https://assets.beyondtrust.com/assets/documents/Highest-identity-Security-investments.png)
A whopping 99% of businesses surveyed plan to further invest in security outcomes in the next 12 months, up from 97% in 2023. Topping the list is ensuring more timely reviews of privileged access (50%) and access to sensitive data (43%). Businesses are also increasing investment in MFA for all users (37%) and evaluating user behavior for authentication (34%).
Cyber Insurance for identity-related attacks
As organizations confront heightened risks posed by data breaches and other cyberattacks, cyber insurance has become an increasingly leveraged tool for mitigating the financial ramifications of such events.
The IDSA report showed that the majority of businesses (89%) are somewhat or very concerned that new privacy regulations will impact their identity security. This remains consistent with last year and may be why cyber insurance for identity-related incidents remains consistent, with 52% of businesses having already invested and 29% planning to, similar to last year.
![](https://assets.beyondtrust.com/assets/documents/Cyber-Insurance-for-Identity-Related-Incidents.png)
Cybersecurity organizations can often benefit from cyber insurance by leveraging it as a risk transfer mechanism. By obtaining cyber insurance coverage, organizations can mitigate the financial impact of potential liabilities arising from cyber incidents related to their own services. This not only safeguards their financial stability, but can also enhance their credibility and market position as they demonstrate a proactive approach to risk management and a commitment to protecting their clients' interests.
Looking ahead: how artificial intelligence and machine learning (AI/ML) capabilities can bolster identity security
The rapid rise of artificial intelligence (AI) in recent years has transformed various industries, revolutionizing the way we interact with technology. From self-driving cars to virtual assistants, AI permeates our daily lives. The cybersecurity industry is no exception; it has begun to recognize the potential of AI and machine learning (ML) to address evolving security challenges.
Organizations are leveraging AI-powered solutions to detect and prevent sophisticated cyberattacks, showcasing the transformative power of intelligent technologies in bolstering cybersecurity efforts. By looking toward an AI-centric future, the industry aims to enhance the safeguarding of digital infrastructure amidst the ever-growing complexity of threats.
The market size of artificial intelligence in cybersecurity is estimated to reach 22.4 billion USD in 2023 and is projected to grow to 60.6 billion USD by 2028, exhibiting a compound annual growth rate (CAGR) of 21.9% during the period from 2023 to 2028. This significant growth can be attributed to various factors, including the rising instances of cyber threats, heightened vulnerability of Wi-Fi networks to security risks, increased adoption of the Internet of Things (IoT), and the ever-growing number of connected devices.
This is why it’s no surprise that 97% of IDSA survey respondents this year reported AI/ML will be beneficial for identity-related use cases in their organizations. The top use case perceived as having the most benefit was ‘Identifying outlier behaviors’ (71%), closely followed by ‘Evaluating alert severity in the SOC’ (60%) and more efficient admin, onboarding, and offboarding (56%).
![](https://assets.beyondtrust.com/assets/documents/AI-ML-and-Identity-Security-Capabilities.png)
How to Improve Your Identity Security with BeyondTrust
Maintaining a centralized, holistic view over all identities, accounts, and privileged access across your entire IT estate is crucial. At BeyondTrust, we champion this approach, which is why we built Identity Security Insights. This product is designed to provide a comprehensive view of all identities, paths to privilege, and more. By leveraging threat intelligence recommendations, you can improve your identity security posture, reduce the attack surface, and accelerate incident investigation and response.
One of the top use cases identified by organizations is 'identifying outlier behaviors,' with 71% highlighting its importance. Preventative measures such as more timely reviews of sensitive data (38%), more timely reviews of privileged access (38%), continuous discovery of all user access rights (35%), and granting privileged access according to the Principle of Least Privilege (34%) can be effectively managed through privilege management.
Some security strategies, like continuous discovery of privileges and the removal of privileges in response to high-risk events, can even be automated with the right Privileged Access Management (PAM) solution.
To address the rapidly growing number of identity-related threats, organizations should prioritize prevention through strong security measures, least privilege access, regular employee training, and monitoring privileged sessions.
BeyondTrust's Privileged Access Management can help you qualify for cyber insurance and secure the best rates, while drastically reducing your cyber risk. PAM solutions provide essential capabilities, including least privilege enforcement, privileged account and credential management, and remote access security—all common criteria for cyber insurance approval.
For a deeper dive into these insights, get your free copy of the 2024 Trends in Securing Digital Identities report. Or contact us to learn how you can implement intelligent identity and access security solutions to protect your organization from advancing identity-security threats.
![Photograph of Allen Longstreet](https://assets.beyondtrust.com/assets/images/user-photos/_people/MicrosoftTeams-image.png?auto=format&q=80)
Allen Longstreet, Content Marketing Writer
Allen is a content marketing writer at BeyondTrust. He has a wealth of experience building content strategy for tech startups and SaaS businesses. He has a passion for video production, creative storytelling, and the intersection between the two.