Security

Identity will hold the keys to the kingdom for cybercriminals

Wednesday, February 8, 2023

Rishi Bhargava discusses why identity will hold the keys to the kingdom for cybercriminals in 2023, why security teams should have a healthy paranoia around AC and authentication, plus why businesses need to know that their digital applications are only as good as the identity barriers.

In 2023, identity will continue to hold the keys to the kingdom for cybercriminals. This is a continuation from 2022, with the Verizon Data Breach Investigations Report (DBIR) attributing 80% of basic web application attacks to the use of stolen credentials like passwords. Security incidents usually involve a variety of techniques, from social engineering to supply chain compromise, but pretty much every major breach this year started with attackers compromising a stakeholder's identity and fraudulently accessing their account.

Identity will hold the keys to the kingdom for cybercriminals in 2023

Businesses must realize that their digital applications are only as good as the identity barriers around them. With billions of leaked passwords available on the dark web and multi-factor authentication (MFA), bypass techniques gaining ground, application and security teams should have a "healthy paranoia" around user authentication and access control.

About Rishi Bhargava

Rishi Bhargava is co-founder and CRO at Descope (https://www.descope.com/), a stealth startup building something in the authentication space for application developers. In a career spanning over 20 years, Rishi has run product, strategy, go-to-market, and engineering for category-creating cybersecurity startups and large enterprises. Before Descope, Rishi served as VP of Product Strategy at Palo Alto Networks, which he joined via the acquisition of Demisto, a security operations startup.