Are You Sabotaging Your Cybersecurity Posture?
2024-9-27 13:47:43 Author: securityboulevard.com

In 2024, the cyberthreat landscape is moving fast. Organizations now face an unprecedented challenge: move faster.

While many have rolled out multi-factor authentication (MFA) and governance measures to keep up with threats, most have been caught in common pitfalls like over-reliance on outdated security systems, underfunding IT and favoring trending solutions over comprehensive identity strategies. Without a robust identity strategy, organizations leave themselves vulnerable to attacks.

The Critical Role of Identity in Cybersecurity

In the cybersecurity space, we say, “Identity is everything.” As long as operational identity security remains a blind spot, all hackers need to breach an organization’s defenses is an identity and the means to compromise it. “Identity is everything” speaks to identity as the cornerstone of zero trust, wherein its very nature informs a system’s ability to quickly identify and eradicate bad actors within a digital environment. Dually, it calls out identity – people – humans – as the weakest link in any organization’s security perimeter. So, for organizations and those trying to breach them, identity is everything.

Identity threat detection and response (ITDR) is an operational identity security discipline that leverages behavioral analysis to rapidly detect and respond to suspicious activity within an organization’s digital environment. ITDR acts as a cybersecurity fire alarm and sprinkler system, working to identify and contain threats before they cause significant harm. Without ITDR, companies might not (and probably won’t) realize they’ve been breached until it’s too late.

Enter ITDR

When ITDR entered the picture in 2020, it was in response to a cybersecurity industry struggling to protect suddenly remote COVID-era workforces with existing identity and access management (IAM) solutions. Four years later, ITDR is the gold standard of detection and response, and as it continues to evolve as a discipline of IAM, innovators are leveraging AI and ML to improve response times and accuracy because the threats aren’t slowing down.

Google’s 2023 Threat Horizons Report revealed that 86% of security breaches involve the use of stolen credentials – that makes it clear to us that continuous, identity-informed monitoring is key to defending against hackers in 2024.

When a hack occurs, you have one minute to detect it, 10 minutes to understand it, and 60 minutes to contain it before hackers begin moving laterally through your network. The consequences of missing these marks are significant – think financial losses, reputational damage and long-term operational disruptions – and without ITDR in place, hitting them is nearly impossible. Right now, the average time to detect and contain a security breach is 272 days.

After the release of MITRE’s 2023 ATT&CK Evaluations report, ITDR is top of mind in the cybersecurity space. The highly publicized report revealed that two-thirds of attacks are traced back to account takeovers, underscoring the need for ITDR as a specialized IAM technology. Despite the positive buzz surrounding ITDR, the technology is commonly mislabeled as a luxury at the leadership level. In a culture of cost-cutting and “it won’t happen to us” mindsets, IT teams are all too often left trying to stretch the capabilities of extended detection and response (XDR) and security operations centers (SOC) to protect against identity threats. Many reactive investments in ITDR are born of this defense strategy.

Real World Failures

In the first nine months of 2021, a 2020 identity-based attack on SolarWinds cost the company $40M. After using phishing techniques to obtain credentials, a Russian hacking group called Nobelium entered SolarWinds software development environment and injected malicious code into one of the platform’s upcoming updates. When SolarWinds customers (including the U.S. Department of Defense and Microsoft) downloaded the update, their networks were compromised.

Why are we discussing this? Hackers entered SolarWinds’ security perimeter and moved within the organization’s environment undetected for six months before attacking (14 months total), meaning ITDR could have prevented it. With adequate access controls in place, it is much less likely Nobelium would have been able to enter SolarWinds’ network at all. Holding off on ITDR cost SolarWinds at least $40M, weeks of service disruptions, and a significant hit to their reputation.

SolarWinds wasn’t the first and won’t be the last high-profile organization to suffer preventable breaches. Twitter, Microsoft and Capital One have all found themselves in the headlines in the past five years for failing to notice and stop data breaches affecting thousands, even millions of customers. In each of these instances, ITDR could have greatly reduced the breach’s impact or prevented it altogether.

Strategy Sabotage

Could you be getting in your own way when it comes to cybersecurity success? Here are three common ways organizations are sabotaging their cybersecurity posture:

  1. Placing too much confidence in one solution. It’s a huge mistake to trust that the procedures you currently have in place will be enough. Unfortunately, it’s also an easy one to make. Hackers are constantly evolving, and so are cybersecurity defenses, which is why isolated investments don’t work. To maintain a strong cybersecurity posture and keep your company out of the breach headlines, organizations must create a holistic view of their strategy, understand that the environment changes constantly, and make continuous, robust efforts to evolve with the threat landscape.
  2. Underfunding IT and cybersecurity. From technology resources to qualified staff, IT security teams are underfunded all around. Many malicious activities and threats are highly sophisticated and require attention from experts who are trained in effective methods and have access to cutting-edge technology available in modern 24/7 Security Operations Centers (SOC).

Organizations should never attempt to solve cybersecurity issues they’re not prepared to handle. Investing in the right specialists — whether in-house or externally — and ongoing training is essential to maintaining strong defenses. Your organization will fall behind quickly if your team isn’t continuously evolving. Where business leaders are concerned, cybersecurity is often an attractive place to trim expenses. But businesses simply cannot cut their cybersecurity budget and hope they don’t suffer a breach. Hackers aren’t stopping, so you can’t either.

  3. Letting trends rule their strategy. Right now, ITDR is a popular topic, but AI is overwhelmingly more relevant in today’s culture of conversation – the “hype cycle”, if you will. In a year, the cycle may not be talking about ITDR, but it will still be just as critical to your identity strategy. This is why trends are the enemy of a holistic cybersecurity strategy. Investing in a comprehensive, intentional approach to security – a secure total experience – will always yield better results than a one-off implementation of some cool new technology.

Offensive Strategy Best for Organizations

Operating on an “it won’t happen to us” mindset will always get your organization in trouble. When it comes to strengthening your organization’s cybersecurity posture, a shift from a reactive to a proactive mindset is crucial to staying ahead of evolving threats and preventing costly and damaging breaches. A comprehensive, identity-focused cybersecurity strategy is the best way to proactively defend against threats. It also happens to be the best way to improve user experience outcomes.

Complacency is one of the biggest threats to your ability to protect yourself against threats in 2024. That’s why taking an offensive approach to identity management isn’t just a defense measure; it’s a strategic imperative. By investing in robust ITDR solutions and avoiding the common pitfalls of underfunding, over-relying on single solutions and chasing trends, organizations have the power to stop potentially devastating data breaches in their tracks. Don’t let your organization make headlines in 2024 — bring identity and ITDR to the forefront of your security conversations, and remember, identity is everything.

Source: https://securityboulevard.com/2024/09/are-you-sabotaging-your-cybersecurity-posture/