Survey reveals identity security knowledge gaps put people at risk

Over the past few years, a comprehensive identity security approach to IT and cybersecurity environments has become critical to organizations in preventing data breaches. Although crucial, a lack of understanding of best practices holds organizations back. 

As a quick primer, this type of security solution locks down all identities in an organization to ensure that malicious actors cannot access critical assets. It requires that all identities, from IT admin to third-party vendors, are rigorously authenticated and authorized before being permitted access to specific assets based on their role in the organization. 

Recently, network security company RSA conducted an ID IQ Quiz, surveying cybersecurity and identity and access management (IAM) professionals to assess their identity security knowledge, capabilities, and perceptions. With 2,350 respondents from over 90 countries taking part, the report based on the quiz gives a comprehensive overview of the landscape. 

Here are a few of the key takeaways.

Knowledge gaps

According to the RSA ID IQ Report, a large percentage of the cybersecurity and IAM professionals who responded had knowledge gaps in areas related to developing more robust identity security and best practices. Some examples include: 

  • 64% didn’t choose the best practice technologies for reducing phishing
  • 63% didn’t select the identity components needed to help organizations achieve zero trust
  • 55% did not have a complete understanding of how identity capabilities can shore up an organization’s security posture
  • 42% of respondents underestimated how often users reuse passwords

RSA CEO Rohit Ghai believes that these findings reveal why identity is a critical area for cybercriminals breaching organizations:

“…users simply don’t understand identity’s full cybersecurity role, the risks that identity poses, or the ways to use identity to build safer organizations. The gaps in users’ identity knowledge give cybercriminals openings to exploit.”

Unsecured personal devices are prime targets

Dealing with sensitive matters on personal devices like a phone or tablet is becoming increasingly common, which concerned the respondents, as these devices often aren’t as secure as managed devices and put users at significant risk of security compromise. 72% of respondents felt that users often utilize mobile devices to access professional emails, while 97% believe that users accessing things like professional email on their phone cannot scrutinize them as well as they would on desktops and that this is a security issue.  

Trust in technology

Finally, a large percentage of respondents highly trust technology for security and privacy. 64% said they trust technological innovations like password managers more than a trusted person like a partner or friend. They also felt confident in AI’s ability to strengthen identity security. 91% believe AI can detect irregularities, vulnerabilities, and suspicious login attempts successfully.

Share on Twitter, Facebook, Google+