Why the 2023 security roadmap begins with identity management

There has been no shortage of identity-based cyberattacks this past year, and this is a trend that is only set to grow in the coming year. In 2021, 84% of organisations experienced an identity-related breach, with 78% suffering direct business impact. This is far from surprising.

After all, identity-based cyberattacks have been the leading cause of security breaches, with rapid digitalisation and industrial automation having contributed to an explosion of new identities — both human and non-human — in recent years.

With machine identities already outweighing human ones by 45 times on average, the digital ambitions of Asia-Pacific (APAC) governments and businesses alike will continue to contribute to a proliferation of digital identities, especially non-human ones. While these digital identities — in the form of IoT devices, robotic process automation devices, and more — are expected to fuel growth of the APAC digital economy, the exponential growth of these same identities will pose increased threats that necessitate making identity management a priority.

Security breaches due to identity-related threats will be on the rise

Illegitimate use of credentials has become the ubiquitous vehicle for breaches, responsible for 48% of breaches in 2021, up from 37% in 2017, as per Verizon’s 2022 Data Breach Investigations Report. Made evident by the Colonial Pipeline 2021 ransomware attack — where a compromised VPN password for a defunct account was exploited — the biggest threat to organisations remains digital identities that unlock access to troves of critical data.

This is worrying when now, more than ever, hybrid working patterns appear here to stay. Singapore, in particular, was just heralded the champion of hybrid work in the region; countries like Japan, Australia and Vietnam were also reported to be following suit. With this continued pattern of alternating between work-from-home and office arrangements, cloud-based apps and services will continue to see shadow IT as a persisting phenomenon. While employees may perceive using unapproved IT systems, devices, software, apps and more on unauthorised devices to work more efficiently, the flipside is that, what IT is unaware of, they cannot support nor ensure its security.

In this coming year, security leaders then can no longer afford to not have 360-degree visibility into all unmanaged apps and devices, and the access that they are accorded. With that, adopting a zero-trust approach will be essential for giving employees the appropriate amount of access to do their jobs while keeping the company safe.

As the influx of new digital identities proves traditional approaches like perimeter security are obsolete, businesses will also increasingly find other commonly enforced tools like multi-factor authentication and single sign-on tools to be inadequate because they are unable to govern access dynamically. Instead, for zero trust to truly take effect, identity security must be at its core (rather than integrated in a piecemeal manner) to maintain the round-the-clock oversight needed to prevent unauthorised access and resulting breaches, even amidst employee movements and organisational restructures.

AI/ML-driven identity security becomes business-essential

With the GSMA predicting 25 billion connected devices by 2025, it is no wonder that over 50% organisations find it challenging to protect their machine identities today. Closer to home, the APAC region is expected to see millions of new users join the internet in the coming year, as countries like India and Indonesia are anticipated to make strides forward in digital inclusion efforts with the roll-out of 5G.

With the number of digital identities only set to increase, it will simply prove too risky for organisations to offer access to employees without first bolstering each access point with clear identity security controls. This will require businesses to sunset manual processes and move towards automation-led identity security solutions that provide 360-degree visibility, detection, and remediation, so they can stay ahead of the threat curve with confidence.

The demands of a hyper-digital APAC landscape will thus see businesses recalibrate their identity security strategies to adopt AI and ML-based identity tools. However, it will also require businesses to ensure that these tools are used while having centralised identity security that extends across the IT infrastructure in a holistic manner. The inverse — piecemeal adoption of identity access and management (IAM) tools — would simply unlock gangways for attackers to compromise systems.

Additionally, with recession worries looming over companies, AI/ML identity solutions will prove essential on the cost front. By automating the discovery and remediation of anomalous identities and high-risk access permissions, businesses can look forward to cutting operational costs for IAM by up to 30%; reducing data breach costs by up to 80%; and enhancing overall user productivity with savings of up to 11,000 hours, and more. Ultimately, looking beyond adopting AI-based identity solutions for compliance, an AI-driven identity security approach can be a vital business enabler.

Cloud complexities drive demand for identity security in the cloud

Adoption of public cloud services in APAC has shown no signs of significantly slowing down in the coming year as it is predicted to grow by 28.3% year on year in 2023. While cloud services undoubtedly unlock numerous avenues for businesses to digitalise and scale, recent cloud-based attacks have revealed how the lack of security safeguards can exact a heavy cost on businesses.

As reliance on cloud-based services and applications grows, businesses will increasingly need to ensure identity security solutions are integrated even in cloud environments. This will be a crucial step forward for business in APAC, especially since only 14% percent of businesses have been revealed to have mature identity programmes that include identity security integration across environments.

With that, we will see businesses look towards SaaS identity security solutions for both the effective deployment and scaling of their identity governance programmes. Such solutions will not only provide organisations with the necessary flexibility, enhanced security, and automation, but also reduce workforce disruption, provide cost savings, and drive value within a shorter time.

More importantly, a cloud-based SaaS solution empowers businesses with the agility to innovate quickly to plug any apparent gaps which will be critical in mitigating digital threats.