Identity verification under attack: what IAM teams need to know now

TL;DR: Gartner’s 2025 Identity Verification report and recent fraud cases show that false or compromised identity checks now create operational, safety, and liability risk across workforce onboarding, access, and service workflows, according to 1Kosmos. Traditional verification models are no longer enough when attackers combine social engineering, hiring fraud, and identity abuse to bypass trust gates.

NHIMG editorial — based on content published by 1Kosmos: the 2025 Gartner Magic Quadrant for Identity Verification report analysis

By the numbers:

• 1Kosmos says it tripled annual recurring revenue and secured $57 million in venture backing in the past year.
• 1Kosmos says its global platform processes over one billion daily authentications for 75+ million users.
• 1Kosmos says customers have reduced identity fraud by more than 40% within six months of deployment.

Questions worth separating out

Q: How should IAM teams reduce identity fraud in workforce onboarding and access?

A: Start by treating identity proofing as a security control with downstream consequences, not an HR formality.

Q: Why do traditional identity processes fail against social engineering and hiring fraud?

A: Traditional processes often assume the identity decision is correct once and then remain true across the entire lifecycle.

Q: How can organisations tell whether identity verification is strong enough for privileged access?

A: Look for evidence that the verification model changes with risk, not just with user volume.

Practitioner guidance

• Map every downstream trust reuse point Identify where a verified identity is reused across onboarding, service desk resets, privileged access, and regulated workflows.
• Separate proofing from authentication in policy design Document which controls establish that a person is real and which controls later prove they are the same person at login.
• Review recovery and fallback paths for impersonation risk Test what happens when an attacker cannot break authentication but can still exploit account recovery, help desk, or identity proofing fallback.

What's in the full article

1Kosmos' full article covers the operational detail this post intentionally leaves for the source:

• The vendor's own breakdown of FedRAMP High Authorization and the control environment behind it
• Details on the integration stack across Active Directory, Okta, Microsoft Entra ID, CyberArk, Ping, and ServiceNow
• The biometric and reusable identity wallet architecture described by the vendor
• Customer examples and deployment claims that show how the platform is being positioned in workforce identity use cases

👉 Read 1Kosmos' analysis of Gartner's 2025 identity verification report →

Identity verification under attack: what IAM teams need to know now?

Explore further

View Full Forum →  |  NHI Foundation Course →