Today, on Identity Management Day, 8th April 2025, Sophos warns businesses about the growing risks of identity theft. A staggering 79% of data breaches are linked to identity theft, costing organizations an average of $4.5 million, according to the Identity Defined Security Alliance [IDSA] and the Ponemon Institute.
The latest Sophos Active Adversary Report shows that cyberattacks are moving faster than ever. On average, attackers steal data just 72.98 hours after an attack starts, and companies typically detect the breach only 2.7 hours later. The longer a stolen identity remains active, the greater the risk of damage.
To combat this, Sophos urges businesses to adopt smart identity management practices. Once a hacker gains access through a compromised identity, they can steal data, access sensitive systems, and escalate attacks. Quick action is essential to limit the damage, and automation is key to responding in real-time.
Five Automated Actions to Stop Identity Theft:
Disable the User
As soon as a breach is detected, disable the compromised account. Automation tools can detect suspicious activity and immediately block the attacker from accessing systems.
Force Password Reset
Resetting passwords cuts off access using stolen credentials. Automated systems can trigger resets instantly when a breach is detected, reducing delays and preventing further misuse.
Reset Multi-Factor Authentication [MFA]
MFA provides an extra layer of security. After a breach, it’s crucial to reset MFA to invalidate stolen tokens. Automation ensures rapid token refresh, requiring re-authentication and locking out attackers.
Lock the Account
Temporarily locking a user account prevents further attacks while the incident is investigated. Automated tools help enforce this immediately, buying time to respond effectively.
Revoke Active Sessions
Even if a system disables credentials, attackers may still access active sessions. Revoking these sessions logs them out across all systems.
Real-time automation makes this step fast and effective.
By combining these automated actions, businesses can significantly reduce the impact of identity-related breaches. Taking proactive steps to manage digital identities is no longer optional—it’s essential.
Learn more here: 5 Critical Response Actions for an Identity Breach.
