Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Identity verification under attack: what IAM teams need to know now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Gartner’s 2025 Identity Verification report and recent fraud cases show that false or compromised identity checks now create operational, safety, and liability risk across workforce onboarding, access, and service workflows, according to 1Kosmos. Traditional verification models are no longer enough when attackers combine social engineering, hiring fraud, and identity abuse to bypass trust gates.

NHIMG editorial — based on content published by 1Kosmos: the 2025 Gartner Magic Quadrant for Identity Verification report analysis

By the numbers:

Questions worth separating out

Q: How should IAM teams reduce identity fraud in workforce onboarding and access?

A: Start by treating identity proofing as a security control with downstream consequences, not an HR formality.

Q: Why do traditional identity processes fail against social engineering and hiring fraud?

A: Traditional processes often assume the identity decision is correct once and then remain true across the entire lifecycle.

Q: How can organisations tell whether identity verification is strong enough for privileged access?

A: Look for evidence that the verification model changes with risk, not just with user volume.

Practitioner guidance

What's in the full article

1Kosmos' full article covers the operational detail this post intentionally leaves for the source:

  • The vendor's own breakdown of FedRAMP High Authorization and the control environment behind it
  • Details on the integration stack across Active Directory, Okta, Microsoft Entra ID, CyberArk, Ping, and ServiceNow
  • The biometric and reusable identity wallet architecture described by the vendor
  • Customer examples and deployment claims that show how the platform is being positioned in workforce identity use cases

👉 Read 1Kosmos' analysis of Gartner's 2025 identity verification report →

Identity verification under attack: what IAM teams need to know now?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Identity verification is becoming a governance control, not just an onboarding step. The article is right to frame false identity as a systemic risk because the same proofing event often authorises access across HR, IT, and privileged workflows. That makes identity verification part of lifecycle governance, not a standalone security feature. The implication is that IAM programmes need to treat identity proofing as an upstream control surface with downstream blast radius.

A few things that frame the scale:

  • 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to the Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity trust is accepted without complete oversight.

A question worth separating out:

Q: Who is accountable when a false identity reaches critical business systems?

A: Accountability should sit with the identity and access owners who define how proofing outcomes are accepted by downstream systems, not only with the team that operated the verification tool. If HR, IAM, PAM, and application owners all rely on the same trust decision, ownership must be shared and documented. Otherwise no one is accountable when the trust chain breaks.

👉 Read our full editorial: Identity verification is becoming the front line of enterprise security



   
ReplyQuote
Share: