01-07-2025
Identity Security: Overcoming Challenges And Embracing Innovation
Bojan Simic is the Cofounder and CEO of HYPR, a provider of passwordless MFA and identity assurance solutions.
Current identity security strategies are inadequate. My company's survey of 750 global IT security decision makers in January found that only about half of organizations avoided a breach last year, with 87% of incidents rising from basic identity vulnerabilities, such as misused credentials and verification gaps, necessitating a reevaluation of security approaches.
To combat modern threats such as social engineering, deepfakes and impersonation, organizations must shift from traditional methods, adopt innovative solutions and redefine trust in identity security.
However, challenges may impede progress.
Reimagining Identity Security: Overcoming Persistent Challenges
Enhancing identity security is now a crucial priority that demands strategic insight and collaboration across industries. Organizations face ongoing challenges, like outdated authentication methods and new threats from generative AI.
Despite the significant barriers to robust identity security, the potential for innovation is equally strong. These pain points highlight a mix of challenges and opportunities for progress:
1. The Stubborn Legacy of Passwords: For decades, the cost of password-related breaches and the persistent inconvenience they impose have exposed them as a fundamental security failure. As a primary driver of security incidents, their continued reliance is inexcusable.
2. Misinterpreting Zero Trust: Zero trust is more than a buzzword—it represents a paradigm shift. Many organizations fail to understand that it is not just about acquiring new tools or branding a new security strategy. It involves rethinking how we establish trust in today's digital age.
3. Balancing Security And User Experience: Too often, security measures compromise usability. When security feels burdensome, users are less likely to adopt it effectively. The goal must be to implement robust defenses that integrate seamlessly into the user experience.
4. Phishing's Enduring Threat: Phishing attacks persist, regardless of how advanced defenses become. Human error and weak credentials remain the most common means by which attackers gain access.
5. The Checkbox Mentality: Security is more than a compliance exercise. It requires a genuine commitment to reducing risk. A checkbox mentality leads to vulnerabilities and fosters a false sense of protection. Absolute security demands a proactive, ongoing effort that embraces best practices such as passwordless authentication and zero-trust strategies.
6. Complexity In Cybersecurity Tools: The cybersecurity market has been saturated with tools that promise the world, yet often lead to frustration. If a tool is not intuitive and difficult to implement, it will not be used effectively. Organizations require straightforward solutions that facilitate deployment and management while delivering enterprise-grade security.
7. Supply Chain Vulnerabilities: Recent high-profile software supply chain attacks highlight the interconnected nature of risks. The Lazarus Group used malicious npm packages to steal credentials and cryptocurrency wallet data, and to install backdoors. Attackers also uploaded counterfeit Python packages mimicking legitimate ChatGPT tools to deceive developers and exploit the popularity of AI development. As an industry, we must advocate for greater transparency and more robust security measures from vendors to guarantee that technology is thoroughly vetted and founded on trusted standards.
8. Shifting From Reactive To Proactive Security: Organizations often spend excessive time reacting to rather than preventing threats.
9. Bridging The Cybersecurity Skills Gap: The cybersecurity talent shortage is well-known. While not an overnight solution, developing accessible and intuitive technologies for users and administrators enables teams to focus on what matters most.
10. Challenging The Status Quo: Lastly, one of the greatest frustrations is the resistance to change. In cybersecurity, clinging to outdated practices only exacerbates vulnerabilities. Organizations must embrace innovation and challenge established norms to reap the benefits of meaningful progress.
The Identity Renaissance
Because of the challenges above, companies are starting to awaken to the need for the Identity Renaissance, a term coined by my company, HYPR, to signify the growing and crucial shift in thinking more deeply about identity security.
This movement emphasizes embracing modern, phishing-resistant authentication and prioritizing securing workforce access as a strategic imperative. This means taking decisive actions, including:
1. Implementing An Identity-First Security Model: Identity assurance should be foundational. Phishing-resistant authentication should replace weak fallback methods to safeguard workforce access.
2. Fixing Onboarding Processes: Manual identity checks and document-based verifications are vulnerable to errors. AI-driven identity verification can enhance security while eliminating unnecessary friction.
3. Eliminating Legacy Authentication: Passwords and fragmented security systems create inefficiencies. Companies must prioritize secure, scalable alternatives, such as FIDO passkeys.
4. Unifying Physical And Digital Access: Separate physical entry from digital authentication creates vulnerabilities. Smart credentials streamline access across devices, applications and locations, providing seamless integration.
5. Aligning Security Across Teams: Identity security is not just an IT issue; it impacts HR, security and identity teams. Collaboration and leadership support are crucial to a strong security culture.
This is more than a technological shift; it's a movement towards lasting security, resilience and digital trust. Industry leaders must standardize phishing-resistant authentication, improve interoperability and ensure that identity solutions are accessible to all businesses.
Brands must treat identity security as a central pillar of their enterprise strategy, not just a compliance requirement. By embracing a zero-trust mindset, simplifying onboarding and aligning security with usability, businesses can create authentication frameworks that are seamless and resilient.
Those who take bold steps in AI-driven identity verification, eliminate weak fallback methods and unify access will secure their systems and redefine digital trust.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
