Identity Security: A Wake-Up Call for Organizations
Digital identities are under siege. The latest Osterman Research white paper exposes a sobering discrepancy between maturity and reality. The study surveyed 126 US-based professionals responsible for identity security across organizations with more than 500 employees. The findings reveal a growing gap between perceived maturity and actual readiness to combat identity-led threats.
While 68.7% of organizations claim high maturity in their identity security deployments, Osterman’s analysis reveals a disconnect. For example, although 60% of respondents using dark web monitoring tools claim high maturity, only 22% provide evidence that they are continuously monitoring workforce credentials. Similarly, backup and recovery capabilities for identity infrastructure are overstated, with only 41% showing actual maturity despite 71% claiming it.
The Escalating Threat Landscape
Cybercriminals are increasingly targeting identities—both human and non-human—as the primary vector for attacks. From phishing and credential stuffing to AI-powered social engineering, the sophistication and frequency of identity-led threats are rising. Nearly three-quarters of respondent organizations reported that the threat level of identity-related attacks has increased or remained unchanged over the past year. Notably, the use of AI to craft personalized attacks saw the highest surge.
Internally, organizations are struggling to detect compromised credentials and monitor service accounts. Nearly 80% lack visibility into what non-human identities (NHIs) are doing, and 56.3% do not detect when employee credentials are exposed on the dark web. With NHIs outnumbering human identities by more than 50:1—and 40% lacking clear ownership—this blind spot poses a significant risk.
Visibility: The Missing Link
The report highlights a critical shortfall in visibility across 14 identity threats and security fundamentals. Only 19% of organizations have full visibility into active threats like abnormal service account behavior or compromised credentials for sale. Visibility into multi-factor authentication (MFA) usage is equally troubling—70% don’t know if high-privilege users are using MFA, and 73% lack insight into the types of MFA factors deployed.
Without visibility, organizations cannot proactively remediate vulnerabilities, right-size access rights, or detect lateral movement and privilege escalation, two common tactics used by threat actors post-compromise.
The Future of Identity Security
To address these challenges, organizations need a layered approach to identity security that goes beyond traditional identity and access management (IAM) and is focused on zero trust principles, such as:
- Governance: Enforce least-privilege access by minimizing access rights throughout the lifecycle with recurring access governance reviews.
- Visibility: Continuously monitor credential usage across systems, detect indicators of attack and known compromised credentials, and baseline behavior.
- Remediation: Automatically respond to threats, for example by locking out compromised credentials, enforcing step-up authentication for privilege elevation tasks, and applying automation policies to block botnets and compromised IP addresses.
These capabilities are essential for preventing unauthorized access, mitigating insider threats, and responding to identity-based attacks in real time.
Investment, Prioritization, and C-Level Support
Encouragingly, most organizations are planning to invest in identity security technologies. Over the next 12 months:
- 90% intend to expand their use of MFA and deploy new services such as Identity Threat Detection and Response (ITDR) and dark web credential monitoring.
- Three out of four organizations are prioritizing identity security investments, especially where current capabilities are lacking.
- The proportion of executives rating identity security as “extremely important” has more than doubled—from 27.8% to 65.9%. This shift reflects a move from compliance-driven motivations to security and operational efficiency imperatives.
A Roadmap for Resilience
Osterman Research concludes with a strategic roadmap for strengthening identity security:
- Enhance detection of compromised credentials through dark web credential monitoring and identity threat detection and response (ITDR).
- Stop lateral movement and privilege escalation using MFA across all access interfaces and real-time visibility into identity usage.
- Improve recovery capabilities with dedicated backup solutions for identity infrastructure, such as Active Directory and Microsoft Entra ID.
- Capture a range of authentication, authorization, policy and credential signals to assess exposure risk and enable autonomous response.
- Enrich detections and policies with external threat intelligence and breach data feeds.
Final Thoughts
Identity security is no longer a niche concern; it’s foundational to cybersecurity. As threat actors evolve, so must the defenses.
Organizations must urgently revisit their identity security strategies, address overreliance on IAM platforms, close visibility gaps into identity-related risks, invest in advanced technologies, and operationalize protections that go beyond IAM.
The illusion of maturity is dangerous; only evidence-backed readiness will safeguard against the next wave of identity-led attacks. Solutions like WatchGuard MDR, which combine expert human analysis with proactive detection and response, can help organizations close those gaps, detect identity-led threats in real time, and strengthen defenses against today’s most advanced attacks.