On Digital Identity
(Posted on Wednesday, March 29, 2023)
In general, digital identity is an understood concept. However, let’s take a look at a definition from TechTarget.
A digital identity is the body of information about an individual, organization, or electronic device that exists online. Unique identifiers and use patterns make detecting individuals or their devices possible.
When I think about my digital identity, how I connect to the digital world is all-encompassing. My Apple ID, KeyChain, email addresses, location, mobile numbers, devices, browser history, IP addresses, and more.
Every part of our digital life leverages our digital identity in every transaction we make, even when writing this blog.
Like everyone, we leave bits and pieces of our digital identity everywhere, enabling more targeted advertising experiences and content recommendations to how we access the digital platforms you’re reading this from now.
Inherently, there is a risk with our digital footprint and identity, so we need more of us to take it seriously. As discussed in a previous post, most cybersecurity solutions focus on infrastructure (servers, applications, etc.).
As in our personal lives, our digital identities also take on significant importance in our daily work lives. For example, at my former company, Stitch, I had access to Workspace, AWS, Slack, Zoom, Google Hangouts, multiple partner portals, banking, etc.
To my knowledge, no service provides a “single pane of glass” view across all my digital identity activity and behavior. Because of this, millions of small, medium, and large organizations risk becoming targets through their user base because we, as users, are not paying attention 24/7 to our digital lives, looking for anomalies and threats.
You may not believe your XYZ service credentials are important, but they are. Once a bad actor accesses one of your digital identity accounts, they can move laterally across everything else. We have better things to do; I get it. However, we should all become more knowledgeable here.
Your organization may not have the tools to have a single source of truth to understand its user’s digital identity behaviors. How do you know if it’s Chris? It may look like Chris, and if you are not continuously detecting digital identity behavior, it might not be Chris.
I should know.
When you understand the breakdown of how users are targeted as backdoors into an organization, like what happened to me, you look at digital identity security from a new lens.
As organizations experience ongoing cyber threats, they will continue to experience digital asset and identity theft on a massive scale if we do not start paying attention more closely to digital identity behavior.
Let’s look at some compelling research and how cybercrime can impact our digital identity.
According to Cybercrime magazine, widespread cybercrime, largely Web2, has entered the top 10 rankings of the most severe risks we will face in the next decade. They predict by 2025; cybercrime exposure will reach $10.5T annually.
Web3 bug bounty provider Immunefi released new research calculating that $3.9B in crypto funds was lost across the Web3 ecosystem to hacks and scams in 2022. As someone who HODL crypto, I want to know who is trying to access my wallet, as I’m in this for the long haul.
IBM’s cost per data breach report states that every data breach costs the organization $9.4M (US) and $4.3M (Avg. Globally).
Finally, roughly 25% of all data breaches in 2022 were user-related data breaches, according to the Identity Theft Resource Center, impacting hundreds of organizations and over 400M users.
Combining the 1800 data breaches with the average data breach cost per IBM and the amount of crypto stolen in 2022 alone, over $10B in lost assets or services needed to address breaches from cybercriminals.
What we must understand as users, we own the totality of our digital identity. We control our digital behavior. We decide whether or not we should update our passwords consistently, share our account access with family to watch our favorite shows, and determine our level of exposure every time we connect to the internet.
It’s hard to adapt, but we must understand our exposure and build digital identity policies to prevent unwanted intrusion.
Stay safe.
To learn more about Privacy Pandemic, please visit.