CyberArk Report: 93% of Companies Will Experience Identity-Related Breach by 2023

Identity security firm CyberArk recently released the CyberArk 2024 Identity Security Threat Landscape Report, which provides a unique perspective on how AI will enhance cyber defenses as well as attacker capabilities, highlight the accelerated pace at which identities are created in new and complex environments, and the scale of identity-related breaches impacting organizations.

The report is based on a survey of private and public sector organizations with more than 500 employees. The survey was conducted by market research firm Vanson Bourne among 2,400 cybersecurity decision makers. Respondents were based in Brazil, Canada, Mexico, the United States, France, Germany, Italy, the Netherlands, Spain, the United Kingdom, the UAE, Australia, India, Hong Kong, Israel, Japan, Singapore and Taiwan.

The scale of human and machine identities is growing rapidly. According to the report, many security professionals rate machines in particular as the most dangerous identity type. The report authors note that the creation of machine identities is being driven in part by the widespread adoption of multi-cloud strategies and the increased use of AI-related programs such as LLM. Many of these identities require sensitive or privileged access. Machine identities often lack security controls, making them a broad and powerful threat vector.

  • 93% of organizations have experienced two or more identity-related breaches in the past year
  • Machine identity is the biggest driver of identity growth and is considered the most dangerous type of identity.
  • 50% of organizations expect identity breaches to triple in the next 12 months (2.4x on average)
  • 61% of organizations define privileged users as limited to humans. Only 38% of organizations define all human and machine identities with critical access as privileged users.
  • 84% of organizations expect to use three or more CSPs in the next 12 months

The 2024 Threat Landscape Report, consistent with the 2023 report, found that nearly all (99%) organizations are using AI in their cybersecurity defense initiatives. The report authors also predicted that identity-related attacks will increase in volume and sophistication as both skilled and unskilled attackers take on an increased role, including AI-based malware and phishing. In a related study, the majority of respondents were confident that deepfakes targeting their organization would not fool their employees, contrary to expectations.

  • 99% of organizations adopt AI-based tools as part of their cyber defenses
  • 93% of respondents expect AI-based tools to pose cyber risks to their organizations in the next year
  • More than 70% are confident that employees can identify deepfakes in their organization’s leadership
  • Nine out of ten organizations fall victim to identity breaches due to phishing or vishing attacks

“Digital initiatives to drive organizational progress inevitably create a plethora of human and machine identities, many of which have sensitive access privileges. Identity security controls must be applied to prevent identity-centric breaches,” said Matt Cohen, CEO of CyberArk. “What this report shows is that identity breaches have impacted nearly every organization, and that siloed legacy solutions are no longer effective at addressing today’s challenges. Organizations must shift their paradigm to build resilience around a new cybersecurity model with identity security at its core to move forward.”
editor@itworld.co.kr

Source: www.itworld.co.kr