Based on the data across the world from Okta Customer Identity Cloud, powered by Auth0, this report presents trends, examples, and real-world observations from the billions of identity attacks at various authentications touchpoints.
Research into these Okta global customers found the following key facts and figures:
- Fraudulent registrations are an ever-present and growing threat: In the first 90 days of 2022, Okta observed almost 300 million fraudulent account creation attempts, accounting for about 23% of signup attempts, up from 15% in the same period last year. Energy/Utilities and Financial Services experienced the highest proportion of signup attacks, with such threats accounting for most of the registration attempts in those two industries.
- Credential stuffing is on a record pace: Credential stuffing attacks are the most common threats to Retail/eCommerce (more than 80% login activity), Financial Services and Entertainment verticals. In the first 90 days of 2022, the platform detected almost 10 billion credential stuffing events, representing some 34% of overall traffic or authentication events. In Southeast Asia, which was buoyed by several large-scale attacks, credential stuffing accounts for the majority of identity events. The situation in Australia and New Zealand was more sanguine — normal traffic represents the majority of login events (63%), and only during a large attack does credential stuffing overtake legitimate traffic.
- Threat actors are targeting multi-factor authentication (MFA): In Asia Pacific, MFA bypass attacks are responsible for more events than signup attacks. Because of its proven merits, more application and service providers are recommending or requiring MFA. As attackers become more sophisticated at targeting this important defensive measure, it's critical that MFA be implemented correctly and that strong secondary factors are chosen.
- Every company faces unique challenges. The threats facing any particular application or service vary enormously by geography, industry, and brand prominence, among other factors. At the same time, different organizations have different risk appetites and exposures. The appropriate level of friction introduced by security measures will therefore vary on a company-to-company basis.
Applications gain users, identity takes on even greater Importance
As adversaries focus greater attention on attacking identity systems and evolving their tactics, techniques, and procedures (TTPs), the report highlighted that it is essential for application and service providers to:
- Implement defence-in-depth tools that work in combination across the user, application, and network layers
- Continually monitor their applications for signs of attacks and changes in TTPs; and
- Make adjustments (e.g., tune parameters, tighten restrictions, introduce new tools, etc.) as needed.
"Trust between customers and organizations is sacred and hard-earned, therefore it is crucial to make identity security a board-level issue. Placing identity security at the core of your business will allow your workers to focus on innovation, collaboration, and productivity while reducing overall identity-related risk," Goodman added.
Managing CIAM Threats
The report also highlighted that an agile, secure-by-design CIAM solution permits a considerable amount of flexibility that allow organizations to tailor customer identity and access management — and continually tune as needed — without drawing in resources better applied toward advancing core competencies.
The report recommends several solutions that involve combining multiple security tools that can operate at different layers and form a unified defensive position. These include implementing MFA, using generic failure messages that do not reveal system details, limiting failed login attempts, and implementing secure session management practices.
About The State of Secure Identity Report
This report is based on data from Okta customers around the world using Okta Customer Identity Cloud, powered by Auth0. As a result, it represents real-world observations of identity attacks. The data was retrieved by Okta security researchers by running simple and anonymous queries against our aggregate database of operational telemetry. Industry segmentations are based upon each customer's self-reported segment. Observations are from the first 90 days of 2022 unless otherwise noted. Okta's 2022 State of Secure Identity Report can be downloaded here.
Hashtag: #Okta
The issuer is solely responsible for the content of this announcement.
About Okta
Okta is the World's Identity Company. As the leading independent Identity partner, we free everyone to safely use any technology—anywhere, on any device or app. The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce Identity and Customer Identity Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations. We're building a world where Identity belongs to you. Learn more at okta.com.