In an era where digital transformation is rapidly reshaping the corporate landscape, the latest research from CyberArk, an identity security company, stresses a growing concern: identity-related breaches.
The 2024 Identity Security Threat Landscape Report reveals a worrying trend among Indian organizations, with 93% experiencing two or more identity-related breaches in the past year alone.
This alarming statistic sheds light on how Artificial Intelligence (AI) boosts cyber defenses but also attacker capabilities, by increasing the pace at which these identities are created.
The Growth of Machine Identities
As organizations increasingly adopt multi-cloud strategies and integrate AI-driven programs, the number of machine identities has surged. These identities, often granted sensitive or privileged access, are now seen as the riskiest identity type.
Unlike human identities, machine identities frequently lack robust security controls, making them prime targets for cyber attackers. The report highlights that machine identities are the primary driver of identity growth, with 50% of organizations expecting a threefold increase in identities over the next year.
Human vs. Machine: A Discrepancy in Security
A significant finding from the report is the disparity in how organizations treat human and machine identities.
While 53% of organizations view privileged users as human-only, 46% extend this definition to include all identities with sensitive access, whether human or machine.
This inconsistency points to a critical gap in identity security strategies, emphasizing the need for a unified approach.
The Role of AI in Cyber Defense
AI’s dual role in cybersecurity is another focal point of the report. Nearly all organizations (99%) are leveraging AI-powered tools to bolster their defenses. However, the same technology is being harnessed by attackers to enhance the sophistication of their methods.
Notably, 93% of respondents anticipate that AI-powered tools will introduce new cyber risks in the coming year. Despite these threats, 84% of security professionals express confidence that their employees can recognize deepfakes of organizational leadership, a testament to the growing awareness and training within enterprises.
The report also emphasizes the persistent threat of phishing and vishing attacks, with 88% of organizations falling victim to successful identity-related breaches through these methods.
This statistic highlights the critical need for ongoing education and robust security measures to protect against these common but highly effective attack vectors.
Industry Insights
“In today’s digital age, where identities proliferate at an unprecedented pace, machine identities are the silent players of our systems, serving as the cornerstone of innovation while being the weak link of security,” said Rohan Vaidya, Area Vice President, India & SAARC at CyberArk.
“As we navigate this landscape, the CyberArk 2024 Identity Security Threat Landscape Report illuminates the urgent need to bridge the gap between human and machine identity security.”
Matt Cohen, CEO of CyberArk, adds, “Digital initiatives to drive organizations forward inevitably create a plethora of human and machine identities, many of which have sensitive access and all of which must have identity security controls applied to them to guard against identity-centric breaches.”
“The report shows that identity breaches have affected nearly all organizations – multiple times in nearly all cases – and demonstrates that siloed, legacy solutions are ineffective at solving today’s problems.”
Conclusion
The findings from the CyberArk report serve as a stark reminder of the evolving threat landscape and the critical importance of robust identity security measures.
As organizations continue to expand their digital footprints, a paradigm shift towards a more integrated and resilient cybersecurity model is essential.
By placing identity security at the core of their strategies, organizations can better safeguard against the ever-growing array of digital threats.
