The sudden shift to remote work exposed the limitations of traditional, domain-based security. The castle-and-moat security approach is obsolete, having given way to a kitchen-table-and-home-office norm. Employees are accessing IT resources—distributed across on-premises servers and private and public clouds—from anywhere and everywhere.
Security teams need to be increasingly vigilant about monitoring and managing identity, from the devices employees log into, the networks they traverse, and the files and applications they access. The pandemic prompted a significant uptick in security threats as bad actors seek to take advantage of the new work ecosystem. ESG research found that exploiting a user’s identity has become the most common attack. This includes outsiders seeking to exploit a software vulnerability or commit targeted penetration attacks, but also risks from the inside: compromised user credentials, spearphishing of privileged credentials, and overly permissive privileges.