Tomorrow, April 8, Identity Management Day is celebrated, an occasion to remember the importance of protecting against identity theft and the security breaches it usually entails. 79% of data leaks are related to identity theft and cost companies an average of 4.5 million dollars, according to reports from the Identity Defined Security Alliance (IDSA) and the Ponemon Institute.
In addition, the 2025 edition of the Sophos Active Adversary Report reveals that the average time between the start of an attack and the exfiltration of data is only 72.98 hours (3.04 days), while the average time between the exfiltration and the detection of the attack is only 2.7 hours. Cyberattacks are increasingly fast, and the longer a compromised identity remains active, the greater the potential damage will be.
Cybercriminals can use a compromised identity to access confidential information, steal data, move laterally inside the company and launch new attacks. It is therefore crucial to take immediate measures to contain breaches and minimize their consequences. In this context, automation plays a key role by allowing companies to respond quickly and effectively to identity-related threats, as Álvaro Fernández, sales director at Sophos Iberia, points out:
«Identity management is essential for robust cybersecurity. A quick and efficient response to an identity breach is crucial to minimize damage and protect the assets of a company. Through awareness, with days such as this Identity Management Day, it is highlighted that prevention, together with a coordinated response, mitigates the risks associated with identity breaches».
How to protect against identity theft
Coinciding with Identity Management Day, Sophos researchers have recalled a series of tips to manage and protect identities:
1. Disable the user. When an identity breach is detected, one of the first steps is to deactivate the compromised user account. By preventing the attacker from using the stolen identity to access the company's systems and data, this measure gets ahead of the cybercriminal and helps contain the breach.
Automation considerably accelerates this process. With automated response tools, companies can quickly identify compromised accounts and deactivate them in real time. This reduces the attack window and minimizes potential damage.
2. Force a password reset. Passwords are often the first line of defense against unauthorized access attempts. In case of an identity breach, it is essential to immediately force a password reset on the compromised account to prevent cybercriminals from using stolen credentials.
Automated rules can be configured to trigger an instant password reset as soon as a breach is detected. This saves time and guarantees that the recovery process begins without delay, reducing the risk of new unauthorized access attempts.
3. Trigger a reset of multifactor authentication (MFA). Multifactor authentication (MFA) adds an additional security layer by requiring users to enter a verification code in addition to their password. If an identity breach occurs, it is crucial to reset MFA for the compromised account. This means that the user will have to authenticate again using their MFA tool, which automatically invalidates any stolen authentication token that cybercriminals may have acquired.
Automated rules can trigger the update of MFA tokens, guaranteeing rapid re-authentication of compromised accounts. This prevents cybercriminals from using stolen authentication tokens to access company systems.
4. Block the account. Blocking a compromised account prevents cybercriminals from trying to use it until the problem is solved. It also gives the company time to investigate the breach and apply the necessary corrective measures.
Automation speeds up the account blocking process, allowing companies to prevent access to compromised accounts as soon as a breach is detected. This immediate response helps contain the breach and blocks new unauthorized access attempts.
5. Revoke active sessions. In addition to deactivating the user account and forcing a password reset, it is essential to revoke all active sessions associated with the compromised identity. This guarantees that the attacker is immediately disconnected from all the systems he accessed using stolen credentials.
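The five steps above can be chained into one automated containment rule. The sketch below is an added example, not code from Sophos or from the original article: `ToyIdP`, `Account`, `contain` and `demo` are hypothetical names for an in-memory model, and it assumes live sessions are validated by token only, which is why step 5 is needed even after the account is disabled.

```python
# Added example: toy in-memory identity store; every name here is hypothetical.
import secrets
from dataclasses import dataclass, field

@dataclass
class Account:
    password: str
    enabled: bool = True
    locked: bool = False
    must_reset_password: bool = False
    mfa_enrolled: bool = True
    sessions: set = field(default_factory=set)

class ToyIdP:
    def __init__(self):
        self.accounts, self.audit = {}, []

    def login(self, user, password):
        a = self.accounts[user]
        if not a.enabled or a.locked or a.password != password:
            return None
        token = secrets.token_hex(8)
        a.sessions.add(token)
        return token

    def session_valid(self, user, token):
        # Assumption of this model: a live session is checked by token only,
        # so account flags changed after login do not end it.
        return token in self.accounts[user].sessions

    def contain(self, user):
        """Run the five containment steps in order and log each one."""
        a = self.accounts[user]
        steps = [
            ("disable_user", lambda: setattr(a, "enabled", False)),
            ("force_password_reset", lambda: setattr(a, "must_reset_password", True)),
            ("reset_mfa", lambda: setattr(a, "mfa_enrolled", False)),
            ("lock_account", lambda: setattr(a, "locked", True)),
            ("revoke_sessions", a.sessions.clear),
        ]
        for name, action in steps:
            action()
            self.audit.append((user, name))
        return [name for name, _ in steps]

def demo():
    idp = ToyIdP()
    idp.accounts["alice"] = Account(password="constructed-sample-pw")
    stolen = idp.login("alice", "constructed-sample-pw")  # session opened with stolen credentials
    idp.accounts["alice"].enabled = False                 # step 1 on its own
    before = idp.session_valid("alice", stolen)           # session survives the disable
    idp.contain("alice")                                  # full playbook, including step 5
    after = idp.session_valid("alice", stolen)
    return before, after, idp.login("alice", "constructed-sample-pw")
```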