CyberArk Report: Weak Identity Security Leaves 95% of APJ Organisations Vulnerable
CyberArk (NASDAQ: CYBR), the identity security company, released a new global research report, which includes data from Asia Pacific and Japan (APJ), that shows how siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises. The CyberArk 2024 Identity Security Threat Landscape Report provides unique perspectives on how Artificial Intelligence (AI) boosts cyber defences as well as attacker capabilities; increases the pace at which identities are created in new and complex environments; and highlights the scale of identity-related breaches affecting organisations.
Cyber Risk Rises as Machine Identity Security Treated Differently to Humans
The report found that security professionals rate machines as the riskiest identity type. A machine identity is a unique identifier distinguishing software code, applications and virtual machines from others on a network. It is used to authenticate and authorise the machine to access resources and services.
In part due to the widespread adoption of multi-cloud strategies and the growing utilisation of AI-related programs like Large Language Models, machine identities are being created in vast numbers. Many of these identities require sensitive or privileged access.
However, contrary to how human access to sensitive data is managed, machine identities often lack identity security controls, and therefore represent a widespread and potent threat vector ready to be exploited.
-
95% of APJ organisations had two or more identity-related breaches in the past year.
-
APJ organisations expect identities to grow an average of 2.6x in the next 12 months.
-
62% of APJ organisations define a privileged user as human-only. Only 38% of organisations define all human and machine identities with sensitive access as privileged users.
Widespread Use of AI to Battle AI and Complacency Takes Hold
The CyberArk 2024 Threat Landscape Report predicts an increase in the volume and sophistication of identity-related attacks, as skilled and unskilled bad actors also increase their capabilities, including AI-powered malware and phishing.
-
All APJ organisations have adopted AI-powered tools as part of their cyber defences.
-
96% of APJ respondents expect AI-powered tools to create cyber risk for their organisation in the coming year.
-
Only around 70% are confident that their employees can identify deepfakes of their organisational leadership.
-
95% of APJ organisations have been a victim of a successful identity-related breach due to a phishing or vishing attack.
-
92% of APJ organisations were faced with successful ransomware attacks.
Vincent Goh, President and General Manager, Asia Pacific and Japan, CyberArk said “A majority (95%) of APJ organisations experienced identity-related breaches in the past year, in part due to the inadequate security controls for machine identities compared to human ones. Machine identities will continue to expand the attack surface for cyber adversaries, especially with the acceleration in AI adoption. Organisations in the region need to adopt a holistic cybersecurity strategy to secure both human and machine identities to effectively defend themselves against cyber attacks.”
Download the full report here.
