RSA recently conducted its inaugural ID IQ Quiz, aiming to assess the knowledge and awareness of cybersecurity and identity and access management (IAM) professionals. The “2023 RSA ID IQ Report” from RSA shares the survey’s results and sheds light on various aspects of identity security, including the prevalent knowledge gaps and the role of artificial intelligence (AI) in enhancing protection.
A press release from RSA announcing the report highlights some of the key findings from the survey:
- The gap in users’ identity security knowledge gives cybercriminals an opening
- Respondents trust technological innovations for their security and privacy
- Unmanaged mobile devices are prime targets for identity compromise
- Fragmented identity solutions are driving up costs and slowing down productivity
I have reviewed the report myself, and I spent some time with RSA CEO Rohit Ghai to dive into the insights and talk about some of the things that seem concerning or promising from the survey results.
Global Focus on Identity
With a sample size of over 2,350 respondents from more than 90 countries, the survey provides a comprehensive look at identity security around the world. Rohit Ghai, CEO of RSA, noted, “We got much more than expected participation around a global set of audience that actually engaged with the survey. That was very, very promising to us. That means identity is a top of mind issue globally.”
Identity Security Knowledge Gaps: A Breach Vulnerability
The report identifies substantial gaps in respondents’ knowledge concerning vital identity vulnerabilities, best practices for securing identity, and strategies for developing stronger identity security. Alarmingly, 63% of the participants could not accurately identify the identity components necessary to move organizations towards a zero-trust approach.
Similarly, 64% of respondents failed to select the best practice technologies for reducing phishing attacks effectively. The survey found that many self-described IAM specialists have a concerning lack of understanding of identity security. Nearly two-thirds could not accurately select the best practices to reduce phishing, and more than 40% underestimated the frequency that users recycle old passwords.
These knowledge gaps provide cybercriminals with opportunities to exploit organizations. Users’ lack of comprehensive understanding regarding identity’s cybersecurity role and risks makes them susceptible
The Need for Unified Identity Solutions and AI Integration
Jim Taylor, the Chief Product Officer of RSA, emphasized that the increasing number of users, devices, entitlements, and environments is overwhelming IAM specialists, making it challenging for them to keep up with evolving threats. To stay secure and compliant, organizations must invest in unified identity solutions and integrate AI to help their personnel cope with the rapid pace of change.
By incorporating AI capabilities, organizations can better detect suspicious access attempts, identify irregularities in access entitlements, and recognize vulnerabilities on mobile devices. The survey revealed that a significant 91% of respondents believe in AI’s potential to improve identity security, highlighting the widespread recognition of AI’s benefits in enhancing protection.
It seems undeniable that AI will play a significant role in virtually every aspect of technology and security, but that doesn’t mean that AI alone is the solution. Rohit and I discussed the power and importance of AI combined with human insight and experience. AI is invaluable for processing the sheer volume and complexity of identity requests, and augments identity professionals to enable better identity security.
Trust in Technology for Security and Privacy
The report indicates that respondents trust technological innovations for their security and privacy. Nearly two-thirds (64%) of the participants place more trust in technical tools like computers or password managers than in their partner, closest friend, or financial advisor when it comes to safeguarding their information.
Furthermore, respondents exhibited strong confidence in AI’s capabilities to enhance identity security. This reflects the growing acceptance of AI as a potent tool in the fight against cyber threats.
Unmanaged Devices: A Prime Target for Identity Compromise
According to the report, unmanaged devices pose a significant risk of identity compromise. An overwhelming 72% of all respondents believed that people frequently use personal devices to access professional resources. Additionally, 97% of cybersecurity experts noted that users tend to open more emails on their phones than on desktops, making it more difficult to scrutinize potentially malicious content. The use of personal devices to access professional resources and the lack of similar security capabilities in unmanaged devices create a perfect storm of risks.
The RSA press release points out, “These responses align with Zimperium’s 2023 Global Mobile Threat Report, which found that the average user is 6-10 times more likely to fall for an SMS phishing attack than an email-based attachment.”
Impact of Fragmented Identity Solutions on Costs and Productivity
The survey revealed that nearly three-quarters of all respondents either didn’t know or significantly undervalued the cost of a password reset, with almost half of self-described IAM experts unaware of the true cost. As password resets can cost upwards of $70 each, they contribute significantly to IT help desk expenses. The lack of accurate pricing awareness could lead to uncontrollable costs, highlighting the importance of employing a unified identity solution for authentication and access.
Moreover, inadequate identity governance and administration have a detrimental effect on organizational productivity. Nearly one-third (30%) of all respondents reported being prevented from accessing the systems needed for their work at least once a week. Such hindrances can hamper efficiency and hinder progress.
Driving the Future of Identity
Rohit and I talked about the changing dynamics of identity security. “I think there is another very important issue there, which is that these identity professionals have thought of their jobs differently in the past,” he explained. “They thought of their jobs as enabling access.”
Rohit emphasized that the motives have shifted. The goal was initially to avoid helpdesk calls and ensure users had easy access to resources—but that is a very different objective and only a very small facet of what should define an identity professional today. That is more of a network admin or IT perspective, but it doesn’t address the security needs for identity today.
“I think that needs to change in the new world that is coming. Identity people need to be security people first, and network and access and the other skills that are important I believe will need to take a sort of secondary role going forward,” shared Rohit.
The 2023 RSA ID IQ Report paints a vivid picture of the current state of identity security knowledge, highlighting significant gaps that cybercriminals can exploit. The survey underscores the need for organizations to invest in unified identity solutions and integrate AI to enhance their security measures effectively. By addressing these vulnerabilities and embracing advanced technologies, businesses can fortify their defenses against identity breaches and protect sensitive information in an increasingly digital world.
Read the full article here