
Sergey Medved at Quest Software shows how Identity Threat Detection and Response is changing cyber-security strategies and argues that organisations must start to prioritise it.
The June 2024 Snowflake data breach served as a stark wake-up call for organisations worldwide. This incident led to hundreds of companies, including UK giants like Ticketmaster and Santander, finding themselves compromised through stolen credentials. It highlighted an uncomfortable truth: identity is now the primary security battleground.
The stakes are higher than ever. Microsoft reports that credential abuse features in 99% of the 600 million daily identity attacks targeting Microsoft Entra ID alone. This surge in identity-based threats has further demonstrated how attackers can bypass traditional security measures and underscores the urgent need for robust Identity Threat Detection and Response (ITDR) implementation.
Quest’s recent research, The state of ITDR: adoption, maturity and effectiveness, reveals that while 48% of organisations have implemented ITDR practices, with another 31% in the process of implementation, the maturity levels vary significantly. Only 23% report having comprehensive coverage with continuous monitoring and automated responses, despite 64% considering their practice mature or very mature.
The gap between how organisations view their ITDR maturity and their actual capabilities raises concerns, especially as identity-based attacks grow more sophisticated. When asked about their reasons for implementing ITDR, 67% cited proactive threat management and 51% pointed to regulatory compliance. Only 32% implemented ITDR in response to security incidents.
Organisations face several significant hurdles in their ITDR journey. The top challenges include:
One of the study’s most alarming findings reveals that while most of the respondents acknowledge the importance of identity security hygiene and prevention measures, only 50% use identity infrastructure security tools. Even more concerning, just 42% identify and monitor their Tier Zero assets—critical resources that, if compromised, could lead to catastrophic breaches.
The research also unveiled a startling statistic: 31% of organisations never test their identity disaster recovery plans. With Active Directory downtime costing approximately £625,000 per hour, this oversight represents a significant business risk that many organisations are failing to address.
Resource allocation presents another critical challenge. Only 34% of organisations involve their Identity and Access Management infrastructure teams in ITDR efforts. Instead, most rely primarily on SecOps teams (48%) or CISOs (43%). This oversight frequently results in missed automation opportunities and incomplete security strategies.
ITDR adoption outcomes
Despite these challenges, the study reveals encouraging success rates among organisations that have embraced ITDR. Among those with implemented practices, 84% report positive outcomes, with 16% exceeding their expectations and 40% fully achieving their goals.
Several key elements emerge among successful implementations. Organisations that modernised their Active Directory environments reported improved security outcomes, with 55% noting significant ITDR improvements post-modernisation. Additionally, 64% of respondents believe cloud-joined devices enhance their overall security posture, enabling better visibility and control over identity-related activities.
Future trends and recommendations
Looking ahead to 2025, the research identifies several critical trends shaping the future of identity security. Nearly half of organisations are exploring AI and machine learning capabilities to predict and prevent vulnerabilities in their identity infrastructure. This technological evolution, coupled with the growing adoption of cloud-joined devices, suggests a shifting landscape that organisations must prepare to navigate.
For IT leaders, the research suggests several priority actions:
The message emerging from this comprehensive research is clear: while organisations recognise the importance of identity security, many still struggle to implement effective protection measures. In 2025, organisations must close the gap between ‘acknowledgment’ and ‘action’. Those that fail to prioritise ITDR implementation could face not only an increased risk of breach but also significant financial and operational consequences.
For IT leaders, the time for action is now. With identity-based attacks growing in sophistication and frequency, organisations cannot afford to treat ITDR as optional. The research shows that successful implementation, while challenging, delivers measurable benefits that far outweigh the initial investment in resources and expertise.
Sergey Medved is VP of Product Management at Quest Software