Identity, Security Strategy, Plan, Budget, IAM Technologies, Decentralized identity and verifiable credentials

Identity security budgets expected to increase at 60% of organizations

A glowing white fingerprint is centered within a circular blue light interface on a dark digital grid background with neon blue lines.

Nearly 60% of organizations have increased their annual spend on identity security in the past year, according to a July 29 study by SpecterOps.

The study added that enhancing visibility into attack paths was ranked as the third-highest cybersecurity priority over the next year.

The rise of identity risk will be the top priority for security teams over the next three to five years, researchers found.

The problem has expanded, as many security leaders are already looking for new tools to manage identity risk.

“The observed surge in enterprise funding directed toward identity security indicates a strategic reallocation of resources, fomented by the recognition that identity has become the de facto control plane for modern distributed architectures,” said Nic Adams, co-founder and CEO or 0rcus.

Corporate boards are shifting capital expenditures to identity-centric security, acknowledging its role as the point of highest marginal risk reduction, added Adams. He said the recent statistic that nearly 60% of organizations increased their identity security budgets, coinciding with a universal experience of at least one security breach within the same period, corroborates this reorientation.

“Security teams must immediately enhance credential management due to the demonstrable efficacy of credential theft and takeover in modern adversarial operations, accounting for over 40% of recent incidents,” said Adams. “From an offensive perspective, credentials represent a highly versatile and cost-effective attack vector.”

James Maude, Field CTO at BeyondTrust, added that identity has become the new perimeter as businesses and individuals move their entire lives into cloud applications and services, meaning that a compromised identity can deliver access to large amounts of data and systems.

“Within the business world, we are seeing the lines between personal and professional accounts blur,” said Maude. “This means that a user’s personal accounts, or devices, being compromised can impact their business identity as well."

Rom Carmel, chief executive officer at Apono, said as more of an organization’s assets move to the cloud, we're seeing a greater number of attacks leverage misused identities and existing access that those identities have.

“More than ever before, it’s challenging for security teams to keep a tight grip on who should have what access levels as the business requires to deliver fast,” said Carmel. “Security teams are struggling to keep leveraging existing tools today. Moving forward, we will be seeing a continued dominant trend in cloud identity access management security.”

You can skip this ad in 5 seconds