State of Identity Protection 2024: An Upheaval in Identity Protection Is Approaching
Identity protection is front and center given all the recent breaches that involve Microsoft, Okta, Cloudflare and Snowflake, to mention a few. Organizations are beginning to realize that a disruption is required in the way we address identity protection, from both a tactical and a technological perspective.
Identity protection is more than just provisioning access
The traditional view of identity protection as chiefly concerned with provisioning and removing access for applications and services, frequently in a fragmented manner, is no longer adequate. This view emerged as a broad theme in the Permiso Security State of Identity Protection Report (2024), which reveals that despite increasing levels of confidence in the ability to identify security risk, almost half of organizations (45%) remain “worried” or “extremely concerned” about their existing tools being capable of detecting and protecting against identity attacks.
The Permiso-commissioned survey, conducted during the summer, interviewed over 500 IT security and risk practitioners with direct control or influence over security and risk decision-making. The findings indicate that despite growing investment, maturity and confidence in cyber risk mitigation controls, organizations remain worried in the face of evolving identity threats.
The key findings include:
- SaaS is perceived as the riskiest environment.
- 93% of organizations stated that they can inventory identities across all environments, as well as track keys, tokens, certificates, and any changes made to any environment.
- 85% can determine “who is doing what” across fragmented authentication boundaries.
- 45% remain “worried” or “extremely concerned” about their existing tools being capable of detecting and protecting against identity attacks.
- 45% experienced an identity security incident in the preceding year, with impersonation attacks being the primary threat vector.
Are you able to discover rogue identities?
Despite 86% of organizations stating that they can identify their riskiest identities (human and non-human), nearly half (45%) experienced an identity security incident in the preceding year, with impersonation attacks being the primary threat vector, which shows that social engineering-based attacks continue to be a prevalent threat to organizations.
As for the impact on those that were breached, the targeting of sensitive data, including personally identifiable information (PII) and intellectual property (IP), topped the list for 54% of them. 46% of organizations stated that the attackers also escalated privileges, and that attackers targeted their supply chains (45%), on both the vendor and the customer side.
Human identities continue to be a vulnerable target
Another interesting finding was that human identities are perceived as the riskiest, with employees at the forefront. Contrary to much of the market hype, non-human identities (API keys, OAuth tokens, service accounts) are seen as less risky than their human counterparts.
Identity protection is segmented
It is unclear whether organizations understand what accountability for identity protection entails in a hybrid and multi-cloud reality. Despite most organizations using on average 2.5 public clouds, the IT team (56%) was identified as being chiefly responsible for ensuring identity protection for the organization across multiple environments. This might reflect identity still being perceived as limited to access provisioning and deprovisioning. According to Jason Martin, Permiso Co-CEO and Co-Founder, this finding could be explained by “identity protection traditionally having fallen under the general responsibilities for IT who are seen as stewards of IT systems, which includes allotting access and securing identities. Only in a minority of entities are we seeing the security department as the primary stakeholder.”
” to safeguarding identities.”
Security resources also appear to be fragmented, with SaaS (87%) and IaaS (81%) environments receiving the majority of security funding compared to all environments (46%). Regarding tools, the primary focus appears to be on the IaaS layer (66%), where a mix of cloud-native security tools such as AWS GuardDuty and CNAPP solutions is being used.
While it seems that most organizations are conscious of the cyber threats they are confronted with, it is evident that there is still progress to be made in terms of being equipped to identify and counter identity threats promptly as they emerge. Indeed, the ability to detect and prevent credential compromise, account takeover, and insider risk was identified as the top concern for organizations.
Advancing universal identity security
The responsibility falls on all of us, including vendors, organizations, and the wider cybersecurity community, to redefine what is needed from a people, process, and technology perspective to secure the new landscape in which human and non-human identity is the key threat point. In this context, reimagining identity security means going beyond merely granting or revoking access to applications and services and recognizing it as a strategic business enabler.
Permiso Security emerged to tackle this obstacle, making unified identity security for all identities across various environments a reality.
You may read the entire report here: https://hero.permiso.io/state-of-identity-security-survey-report-2024




