The survey revealed phishing as the most common identity-related incident in 2022, with “emails” as the most popular type. Credit: Thinkstock Phishing was the most common type of identity-related incident in 2022, according to a study by Identity Defined Security Alliance (IDSA), a nonprofit identity and security intelligence firm.The study, commissioned through Dimensional Research, also revealed that the top phishes among the incidents included email phishing, spear phishing, and vishing/smishing incidents.“With a spike in digital identities comes an increase in cyberattacks targeting them. By far the most significant reason behind this was employees unknowingly clicking on a phishing email,” according to the report.The study interviewed 529 IT security and identity professionals from organizations with more than 1000 employees. Phishing-led incidents had a direct business impactSixty-two percent of the respondents said they had an identity-related incident in 2022 that can be linked to phishing. Among these, 93% said they had suffered an email phishing attack.A significant (49%) number of respondents reported experiencing spear phishing, with another 27% saying they had been the victims of vishing or smishing incidents. Identity-related attacks were driven by additional factors. Employees who used identical passwords for both their work and personal accounts were involved in 37% of such attacks. Hackers utilizing social engineering techniques, employees utilizing non-authorized devices, and users sharing their credentials with colleagues also contributed, with each factor accounting for 31% of the attacks.“For most attackers, the ultimate goal is to access and exfiltrate data, and the easiest way to access data is by exploiting an existing identity with pre-authorized access to sensitive data. This is driving both the increasing volume and increasing variety of identity-related attacks,” said Jack Poller, an analyst at ESG Global. “And with this increasing volume comes increased awareness of the role identities play in attacker tactics, techniques, and procedures (TTPs), and increasing understanding of the importance of securing identities.”Over two-thirds of the study respondents said they experienced direct business impact as a result of an identity-based attack in the last 12 months. “The most significant impact was the cost of recovering from the breach (39%), followed by distraction from core business (33%) and the negative impact on the company’s reputation (25%),” the company added.Securing identities remains a top priorityEighty-six percent of the respondents placed managing and securing digital identities as a top five priority, with 17% seeing it as the number one concern. Only 4% of the businesses surveyed don’t see it as even a top 10 priority.This shifting security focus is being driven by companies seeing a significant increase in the number of identities, according to the report.The critical factors driving this increase were identified as the growing adoption of cloud applications (52%), the rise of remote working (50%), more mobile device usage (44%), and more third-party relationships (42%). In response to such incidents, 58% of security teams triggered their existing incident response plan, and 57% also notified their management team.The focus on contingency has also seen a spike, as the majority of businesses (80%) expressed interest in cyberinsurance for identity-related incidents with 48% having already invested in some coverage.“Due to the frequency of identity-related breaches, some cyberinsurance underwriters are taking identity security into account, both for providing cyberinsurance and for rate determination,” Poller said. “Specifically, some policies now require strong authentication – i.e., phishing-resistant or passwordless authentication.” Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe