A new report by Osterman Research and commissioned by Silverfort highlights the inadequate deployment of multi-factor authentication (MFA) and privileged access management (PAM) solutions in protecting against identity threats. Despite having these solutions in place, organizations remain vulnerable to attacks [2] [3].


The report reveals that less than 7% of organizations have implemented MFA protection for critical resources, which requires users to authenticate with more than just a password [4]. This lack of comprehensive MFA implementation leaves organizations exposed to attacks. Similarly, only a small percentage of organizations have fully implemented PAM solutions [1], which focus on protecting privileged resources within a network and granting appropriate access to users [4]. This leaves privileged users vulnerable to attacks.

The report emphasizes the risk of compromised credentials accessing resources without MFA [1], underscoring the need for comprehensive deployment of these solutions. MFA and PAM work together to provide a layered defense [4], preventing situations where hackers gain access to the system using stolen credentials [4].

The importance of identity and access management (IAM) in Asia-Pacific (APAC) is highlighted due to the increasing number of stolen credentials used by cyber attackers [5]. Identity-based attacks are common in cyber security [5], with over 40,000 permissions that can be granted to identities [5], of which over 50% are high-risk [5]. This complexity makes it challenging for organizations to track who has access to what data and across which cloud platforms [5].

The rollout of national digital identity systems in the region [5], coupled with a more aware consumer base [5], necessitates organizations to secure access to critical systems [5]. IAM solutions offer robust security measures to protect against unauthorized access [5]. Strong standards-based authentication adoption in some countries could reduce the risk of 40% of data breaches [5]. Regulatory standards will continue to prioritize identity governance and privileged access management (PAM) to assist organizations in protecting themselves [5].

The report also provides a scoring model to assess an organization’s resilience to identity threats and offers recommendations for improvement [1]. Access to the full report is available for further insights [3].


Inadequate deployment of MFA and PAM solutions leaves organizations vulnerable to identity threats. The report highlights the need for comprehensive implementation of these solutions to protect critical resources. The growing number of stolen credentials in the APAC region underscores the importance of IAM in securing access to critical systems. Strong authentication adoption and regulatory standards will play a crucial role in mitigating the risk of data breaches. Organizations can benefit from the scoring model and recommendations provided in the report to enhance their resilience against identity threats.


[1] https://patabook.com/technology/2023/09/19/think-your-mfa-and-pam-solutions-protect-you-think-again/
[2] https://vulners.com/thn/THN:14DC65C856435743C0F22482C770A29A
[3] https://thehackernews.com/2023/09/think-your-mfa-and-pam-solutions.html
[4] https://www.wallix.com/blog/how-mfa-and-pam-work-together/
[5] https://www.computerweekly.com/feature/APAC-guide-to-identity-and-access-management