Protecting the “identity as the new perimeter” has been a mantra in cybersecurity for years. But the perimeter has often been defined by user accounts, which doesn’t factor in the sprawling reality of corporate and consumer identity exposure today.
To fix the gaps, it’s time to shift. To revisit the status quo. And redraw the boundaries of identity threat protection.
Not doing so means you may be blind to how attackers are actively weaponizing stolen identities against your business.
Where the current identity protection approach goes wrong
For more than a decade, organizations have poured billions of dollars into securing digital identities, with no signs of a slowdown. The identity and access management (IAM) market alone was estimated at $29.4 billion in 2024. By 2032, the IAM and ITDR markets are expected to reach $130 billion.
Yet, efforts to secure the identity continue to flounder, with 94% of organizations experiencing an identity-related incident in the past year. Most see significant direct impacts to the business as a result, including operational disruptions, damage to reputation, and huge recovery costs.
The substantial investments in identity security solutions are failing because traditional solutions are fundamentally unprepared for the way cybercriminals now operate. They’re focused on protecting user accounts. But cybercriminals don’t operate within those nice and tidy boundaries. They have moved on far beyond account-level access to take over identities.
Modern identities are complex and sprawling. They encompass massive amounts of data exposed through breaches, information-stealing malware (infostealers), and phishing attacks, all of which recirculate in combolists.
SpyCloud research shows that an average person has 22-52 unique usernames, more than a dozen unique email addresses, and 141 credential pairs exposed on the dark web. These are only select pieces of the array of current and past exposed data belonging to employees, customers, partners, and suppliers that can enable cybercriminals to successfully gain entry into organizations.
Broadening the lens
Security teams have a tough time keeping up with the evolving adversarial tactics because traditional tools rely on stolen identity data that defenders know about. They don’t include hidden data that malicious actors have access to, nor do they provide a complete picture of compromised users or automated remediation to fully mitigate the risks.
Identity-driven attacks remain effective because a fragmented view of identities makes it impossible to remediate identity exposures fully. Changing the status quo starts with gaining comprehensive visibility – across users’ multiple online personas, both personal and professional, past and present. This shift to a holistic, identity-centric approach can bring about a dramatic change in defending against cyber and fraud risk.
If a user’s identity is a house, a holistic identity threat protection approach encompasses the neighborhood watch, the alarm system, and the locksmith. It’s a reaction to traditional approaches that lock the doors and windows (MFA, strong passwords), but fail to acknowledge that a criminal already has a copy of the key.
Why you need to shift to holistic, identity-centric security
Full stop: many security teams today are outsmarted and outpaced because of the limitations of their tool stack. Threat actors have enormous amounts of data at their disposal to automate identity-based attacks, and they’re operating at a scale and speed that traditional defenses weren’t built to stop.
Criminals’ advantage is identity data that’s hidden to most businesses – for example, active cookies from infected personal machines used to access corporate applications or an exposed password connected to an employee’s personal identity, but reused in a work setting.
Correlation + automation are the missing elements – and the key to knowing more, and acting faster.
SpyCloud defines a holistic identity as the full scope of an individual’s darknet exposure. It’s a view of data exposed in breaches, malware infections, and phishing attacks, correlated to an individual’s personal and professional online personas.
The identity may be a current or past employee, consumer, or third party – but their exposed identity data connects back to your business in various ways that can lead to initial access to your IT systems or sensitive data. Cybercriminals are operationalizing these vast digital footprints of each identity and use them against you – perpetrating account takeover, BEC, ransomware attacks, data breaches, and fraud.
Here are three core reasons to approach security through a holistic identity lens:
01
Identity is a top attack vector today.
Cloud applications, remote work, mobile device use, and online services have placed digital identities at the heart of our personal and professional lives. MFA, Zero Trust policies, and credential monitoring are standard ways to secure identities. But if attackers compromise an identity, they can often bypass these controls.
The massive scale of identity exposures tied to users across dozens of usernames, emails, phone numbers, IP addresses, and PII available on the darknet equips criminals with data they can piece together for identity-based attacks.
A broad view of identities that correlates these exposures enables you to take effective action, including:
- Triggering enhanced authentication
- Terminating sessions exposed from malware-infected devices (managed and unmanaged)
- Changing policies to enforce stronger security hygiene
- Forcing password resets based on exposed passwords tied to users’ personal and professional accounts
- Preventing password reuse and recycling
02
Identity sprawl is spiraling – and defenders can't keep up
Of the 255 passwords the average person manages across personal and work-related accounts, SpyCloud has found that 50% or more are circulating in criminal communities.
Unfortunately, passwords are just the beginning. Our analysis also shows that the average identity has at least 141 credential pairs, more than a dozen unique email addresses, and nearly 60 usernames exposed on the dark web. This data, along with additional exposed assets – like Social Security numbers, credit card information, driver’s license numbers, and dates of birth, to name a few – can be used to assume the individual’s identity.
Typical holistic identity matching yields 12-14x more exposed data versus traditional methods.
Until now, these exposures couldn’t be linked between personal and corporate identities through reused passwords or shared devices. This made it impossible for security teams to remediate exposures or thwart persistent issues like password reuse based on the limited exposure data they get from intel providers or in-house teams.
Without the ability to connect the many dots associated with a single user, enterprises remain vulnerable to attacks. Which is why SpyCloud created threat protection solutions that account for this identity sprawl – and automate the remediation of identity exposures so you can know more, but actually do less work to stay protected.
03
Traditional approaches are ineffective against modern identity attacks.
The approaches defenders have relied on lack the depth, specificity, and immediacy required to proactively protect from identity-based attacks.
Threat intelligence vendors, for instance, are very good at providing copious data and reports to help you understand the threat landscape and current actor behavior, while often providing some limited exposed credential data. While embedded AI is surfacing more actionable insights than ever, the onus is still on analysts to figure out what’s worth their time and what isn’t.
These vendors cannot reveal the full scope of exposed user identities, and typically stop at general darknet chatter and leaked credentials. This data misses multiple usernames and emails, stolen cookies, credit cards and other financial data, and PII that makes your users – and your organization – a target.
And the vendors certainly are not providing insights in a high-fidelity, fast, and highly enriched way that fuels automated remediation – within your existing security stack and without draining your resources.
How holistic identity threat protection is different
Traditional solutions for remediating identity risks, including identity & access management, threat intelligence, and incident response, rely on the user accounts that your enterprise manages. These solutions leave the door wide open to unseen risk from malware-exfiltrated and successfully phished identity data that cybercriminals are exploiting.
Holistic identity threat protection fills the gap by illuminating this previously unseen risk. As a new component of identity security, holistic identity threat protection supports a broad range of use cases, from account takeover prevention and Zero Trust enforcement, to supply chain and insider threat mitigation, to fraud prevention and Know Your Customer processes.
Ultimately, holistic identity threat protection isn’t only about deterring threats or making it more expensive for criminals to come after your business. It is about stopping attacks by making stolen data useless. Doing so requires hidden exposures to come to light, and that’s where you can rely on SpyCloud.
How SpyCloud has pioneered holistic identity threat protection
For nearly a decade, we have been recapturing massive amounts of darknet data, building and maintaining the largest and richest darknet data lake in the industry. At the same time, we have applied leading data science to create and refine our analytics capabilities to provide a more holistic and accurate picture of exposed identities.
By operationalizing this vast data collection with automated identity analytics, we have pioneered the paradigm shift to holistic identity threat protection.
Our key innovations that revolutionize how organizations investigate and respond to all manner of cyberattacks include:
- Refined and automated analytics, which apply advanced data science and proprietary technology to dynamically correlate, at scale, billions of recaptured data points and continuously uncover hidden relationships across seemingly unrelated accounts.
- Automated remediation, which enables security teams to neutralize threats within five minutes of discovery and within existing security tools, including EDR, SOAR, SIEM, and IdP.
- A robust investigations solution for security operations, cyber threat intelligence, fraud and risk prevention, and law enforcement teams to uncover the full scope of digital identity exposures and accelerate complex investigations into insider threats, financial crimes, threat actor attribution, and more in a matter of minutes.
Security teams who see and act on holistic identity threats will win. With SpyCloud, now you can.
Keep reading
