Phishing remained the top identity abuser in 2022: IDSA report

Phishing was the most common type of identity-related incident in 2022, according to a study by Identity Defined Security Alliance (IDSA), a nonprofit identity and security intelligence firm.

The study, commissioned through Dimensional Research, also revealed that the top phishes among the incidents included email phishing, spear phishing, and vishing/smishing incidents.

“With a spike in digital identities comes an increase in cyberattacks targeting them. By far the most significant reason behind this was employees unknowingly clicking on a phishing email,” according to the report.

The study interviewed 529 IT security and identity professionals from organizations with more than 1000 employees.

Phishing-led incidents had a direct business impact

Sixty-two percent of the respondents said they had an identity-related incident in 2022 that can be linked to phishing. Among these, 93% said they had suffered an email phishing attack.

A significant (49%) number of respondents reported experiencing spear phishing, with another 27% saying they had been the victims of vishing or smishing incidents.

Identity-related attacks were driven by additional factors. Employees who used  identical passwords for both their work and personal accounts were involved in 37% of such attacks. Hackers utilizing social engineering techniques, employees utilizing non-authorized devices, and users sharing their credentials with colleagues also contributed, with each factor accounting for 31% of the attacks.

“For most attackers, the ultimate goal is to access and exfiltrate data, and the easiest way to access data is by exploiting an existing identity with pre-authorized access to sensitive data. This is driving both the increasing volume and increasing variety of identity-related attacks,” said Jack Poller, an analyst at ESG Global. “And with this increasing volume comes increased awareness of the role identities play in attacker tactics, techniques, and procedures (TTPs), and increasing understanding of the importance of securing identities.”

Over two-thirds of the study respondents said they experienced direct business impact as a result of an identity-based attack in the last 12 months. “The most significant impact was the cost of recovering from the breach (39%), followed by distraction from core business (33%) and the negative impact on the company’s reputation (25%),” the company added.

Securing identities remains a top priority

Eighty-six percent of the respondents placed managing and securing digital identities as a top five priority, with 17% seeing it as the number one concern. Only 4% of the businesses surveyed don’t see it as even a top 10 priority.

This shifting security focus is being driven by companies seeing a significant increase in the number of identities, according to the report.

The critical factors driving this increase were identified as the growing adoption of cloud applications (52%), the rise of remote working (50%), more mobile device usage (44%), and more third-party relationships (42%).

In response to such incidents, 58% of security teams triggered their existing incident response plan, and 57% also notified their management team.

The focus on contingency has also seen a spike, as the majority of businesses (80%) expressed interest in cyberinsurance for identity-related incidents with 48% having already invested in some coverage.

“Due to the frequency of identity-related breaches, some cyberinsurance underwriters are taking identity security into account, both for providing cyberinsurance and for rate determination,” Poller said. “Specifically, some policies now require strong authentication – i.e., phishing-resistant or passwordless authentication.”