SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Delinea report finds organisations are struggling to grasp identity-related security
Thu, 28th Jul 2022
FYI, this story is more than a year old

New research from Delinea has found that 84% of organisations, particularly in Australia, New Zealand, Singapore and Malaysia, have experienced an identity-related security breach in the past 18 months.

The research also highlights that 60% of IT security decision-makers are being held back from delivering on IT security, with 63% also believing that security is not well understood by executive leaders.

The global survey consisted of responses from 2,100 IT security decision-makers in more than 20 countries and asked questions about attitudes towards security and identity in the workplace.

Also mentioned were the differences between the perceived and actual effectiveness of security strategies. While 40% of global respondents believe they have the right strategy in place, in Australia and New Zealand only 33% of respondents believe they have the right strategy in place. 96% of this selection said they had experienced some kind of breach or attack, signalling a significant disconnect. In Singapore and Malaysia, 47% believe they have the right strategy in place, even though 88% had experienced a breach or attack.

It was also reported that identity security was a significant priority for businesses, yet board buy-in is critical to successful outcomes.

Many organisations were found to be eager to make a change, particularly when it comes to protecting identities. In fact, 90% of respondents stated that their organisations fully recognise the importance of identity security in helping them to achieve their business goals, and 87% said that it is one of the most important security priorities for the next 12 months.

On the other hand, 75% of IT and security professionals also believed that they would fall short of protecting privileged identities because they wouldn't get the support they need from management.

The research says that this is due mainly to a lack of budget and executive alignment, with many company boards still not fully understanding identity security and the role it plays in enabling better business operations.

In Australia and New Zealand, 81% of respondents said their board doesn't fully understand identity security. In Singapore and Malaysia, the proportion is 70%.

Delinea chief security scientist and advisory CISO Joseph Carson reinforces the fact that while businesses want to drive change, they are being let down by management and execution strategy.

"While the importance of identity security is acknowledged by business leaders, most security teams will not receive the backing and budget they need to put vital security controls and solutions in place to reduce major risks," he says.

"This means that the majority of organisations will continue to fall short of protecting privileges, leaving them vulnerable to cybercriminals looking to discover privileged accounts and abuse them."

Carson also added that cyber criminals look for the weakest link and overlooking non-human identities, particularly when these are growing at a faster pace than human users, greatly increases the risk of privilege-based identity attacks. This creates further problems and enforces the need for stronger authentication systems.