Identity attacks are at the forefront of cyber threats

Last year, cybercriminals were able to infiltrate some of the world's largest organizations by exploiting vulnerabilities in authentication and access. In fact, more than 26% of all incident responses are recorded by Talos, the cyber intelligence division of ciscowere linked to the use of compromised credentials in 2023.

While multi-factor authentication (MFA) remains a critical defense against identity attacks, malicious actors are using clever new methods to steal credentials. Although Cisco Duo processed 16 billion authentications in 2023, representing a 41% year-over-year increase, and weaker forms of multi-factor authentication, such as text messages and phone calls, fell to an all-time low of 5%, The attacks continue to increase.

Cisco Duo Trusted Access 2024 report finds four in ten enterprise user accounts lack strong multi-factor authentication

“When identity and access management is poor or inadequate, the attack surface increases. As more relationships are created between devices, identities, and permissions, it becomes increasingly difficult to monitor which users are doing what.” Organizations must adopt an identity-first approach to security, combining Combine strong authentication, networking and security in a comprehensive solution.”says Angel Ortiz, director of cybersecurity at Cisco in Spain.

Identity attacks

Cisco Duo's 2024 Trusted Access Report reveals significant findings that are transforming the cybersecurity landscape, highlighting a paradigm shift that puts identity at the center of cyber threats:

1. The rise of passwordless authentication: Adoption of WebAuthn-enabled factors such as security keys and biometric technology such as Touch ID has increased by 53% over the past year, starting from a small scale initially.
2. Ongoing challenges: Despite the increase in MFA adoption, four in ten enterprise accounts, on average, lack strong MFA, exposing them to cyberattacks.
3. Biometrics and Policies: Less than 4% of organizations explicitly delegate or deny policies based on location.
4. Increased failure rate due to outdated hardware: In 2023, this percentage increased by 75%. Organizations are implementing more stringent controls to mitigate these risks.