Cybercriminal tactics have evolved, but many attacks remain the same. Ransomware, phishing attacks, and even social engineering targeting emails are not new. But, these tactics continue to be highly successful in penetrating organisational defences. New technologies, such as Generative AI tools, are enhancing cybercriminal strategies. This forces companies to implement a more unified and strategic approach to tackle these issues, particularly around identity, access and device management. The popularity of hybrid working practices, where employees can work from anywhere, has made this approach increasingly critical.

However, humans are still a weak link. Mistakes such as using weak passwords, reusing credentials across multiple platforms, or falling victim to phishing attacks can provide malicious actors with an easy gateway into secure systems. Social engineering exploits, and the natural human inclination to trust, deceive employees into divulging sensitive information or unwittingly granting access.

Despite widespread awareness campaigns, these tactics continue to succeed. This highlights the gap between knowledge and practice, which continues to present a risk to organisations.

To overcome these challenges, companies must implement stringent security measures, such as multi-factor authentication (MFA) or frequent mandatory password changes to lock down access. Yet users often view these as cumbersome or inconvenient. Consequently, employees seek shortcuts that undermine the intended security benefits.

Therefore, balancing security with usability is a continual challenge and organisations must strive to implement measures that are robust, yet user-friendly, ensuring compliance without compromising security.

Growing demand for robust IAM strategies and solutions

Identity and access management (IAM) is essential for business security. This framework of technologies and strategies allows organisations to control access to user systems and data. By regulating access, organisations can increase the security of company systems and documents. Robust IAM strategies and solutions can also prevent unauthorised people from misusing data.

However, rising demand for remote and hybrid work increases device sprawl, as the number and variety of laptops, phones, tablets, and other devices that users need to work effectively only continues to grow. This makes it harder to implement IAM solutions, causing teams to hunt for the holy grail – how to flexibly and securely manage a growing fleet of devices that users rely on.

Simplifying the IT stack, as well as consolidating everything from onboarding, reporting, and device management – not to mention ease of data access for end users – is immensely important to SMEs.

Our Q3 2024 SME IT Trends Report shows that despite their rising interest in centralised IT management, IT professionals continue to juggle several point solutions. Nearly half of respondents (45%) require five to 10 tools to manage employee worker lifecycle; over a quarter (28%) require 11 applications or more; and 10% require more than 15.

Unfortunately, patchwork IT leaves too many holes in the infrastructure that hackers can take advantage of. Plus, multiple point solutions frustrate IT professionals tasked with managing this environment. They want a better, more unified way to manage identity, devices, and access.

But, as the research found, the perfect balance between security and user experience continues to elude IT professionals. Over eight in 10 (84%) would prefer a single platform to manage user identity, access, and security over a mix of best-in-class point solutions.

Increased use of centralised management and biometrics authentication

One of the best ways to manage identity and access and fortify security posture is through centralised IT management. Our research found that when it comes to employees accessing IT resources, 49% say that all employee accounts are managed centrally with permissions and security measures controlled by IT. Only 11% leave accounts entirely unmanaged and encourage – but don’t necessarily mandate – the implementation of measures such as MFA.

Increased use of biometric authentication is also a notable trend in 2024. This advanced cybersecurity process verifies user identity with distinctive biological traits, like fingerprints or facial features, and is already used in smartphones, tablets, and laptops.

Biometric authentication is often more secure than other authentication measures because it’s challenging to replicate these unique features. With the proliferation of devices, it’s not surprising that the number of organisations adopting biometrics is on the rise. IT professionals look to introduce additional security without affecting productivity.

Our Q3 2024 research found that biometrics adoption has remained steady, with 66% of SMEs requiring it, a similar figure to our Q1 2024 report. Two thirds of IT professionals agree that their organisation’s security posture would be stronger if biometrics were required. Indeed, as biometric authentication use increases, developers are discovering new ways to optimise the technology and increase its security.

That said, our research found that 95% of respondents use passwords to secure at least some IT resources, despite SMEs adopting tools like MFA, biometrics, and single sign-on (SSO). Whether it’s legacy systems, complicated implementations, or other reasons, only 26% of employees can access all their IT resources with just one to two passwords, whilst 17% have to manage 10 passwords or more.

The need for a unified platform

In today’s modern environment, IT teams are having to skilfully navigate a complex environment often creating their own map as they go. This means ripping up old playbooks and adapting to the changes around them to tackle the most pressing technology challenges, regardless of the uncertainties they face.

Getting the balance right between security and flexibility that users need is a persistent challenge. For SME IT professionals, a unified platform is preferred to easily and securely manage identities, devices, and access across the organisation. Such platforms enable IT professionals to grant users secure and frictionless access, through a single pane of glass, to the resources that their employees need to do their job.

As cyberthreats continue to evolve and artificial intelligence reshapes the digital landscape, keeping identities, access and devices secure will be top of mind for SMEs – but harder to achieve in the complex environment we now operate in.