A recent global report published by CyberArk sheds light on the escalating tension between challenging economic circumstances and the rapid pace of technological advancements, particularly in the field of artificial intelligence (AI). The report, titled “CyberArk 2023 Identity Security Threat Landscape Report,” emphasizes how these factors are contributing to the rise of identity-led cybersecurity vulnerabilities. According to the study, the combination of a projected 240% increase in human and machine identities, economic constraints, and a disproportionate focus on digital and cloud initiatives over cybersecurity expenditure could lead to a concerning accumulation of “cyber debt.” This scenario poses a serious threat, as it creates an expanding and inadequately protected attack surface centered around identities.
The report underlines the persisting organizational drive for enhanced business efficiency and innovation, despite the challenges posed by staffing cutbacks and macroeconomic forces. It highlights that organizations have experienced mounting cyber debt in 2022, where security investments fell behind those made in broader digital business ventures. The year 2023 brings additional risks, driven by economic constraints, increased staff turnover, reduced consumer spending, and an uncertain global environment. Consequently, cybersecurity has been adversely affected as investments in digital and cloud initiatives continue to outpace those in protective measures.
Survey results included in the report indicate that almost all organizations (99%) anticipate identity-related compromises in the coming year, stemming from factors such as economic-driven cutbacks, geopolitical influences, cloud adoption, and hybrid working models. A majority of respondents (58%) believe these compromises will occur within the context of digital transformation initiatives, such as the adoption of cloud technologies or migrating legacy applications. Moreover, the report highlights the emergence of new insider threats arising from disgruntled former employees or exploitable residual credentials, with 68% of organizations expecting cyber issues resulting from employee churn in 2023.
To further compound the challenges, organizations plan to deploy 68% more Software-as-a-Service (SaaS) tools within the next 12 months compared to their current usage. As both human and machine identities gain access to sensitive data through SaaS tools, the inadequate security of these tools can become a gateway for cyberattacks.
The report identifies critical areas of concern for identity and cybersecurity in 2023. Security professionals surveyed anticipate AI-enabled threats impacting their organizations, with AI-powered malware ranking as the top concern. Additionally, the study reveals that 89% of surveyed organizations experienced ransomware attacks in the past year, with 60% of those affected paying ransoms multiple times—a possible indication of double extortion campaigns. Moreover, within the energy, oil, and gas sectors, 67% of respondents expressed concern about their ability to detect or prevent attacks originating from their software supply chains, with the majority admitting to insufficient security measures in the past year.
The report emphasizes that identities, both human and machine, lie at the heart of nearly all cyberattacks. Approximately half of all identities require sensitive access, making them favored targets for exploitation. Critical areas of the IT environment are found to be inadequately protected, with business-critical applications, such as customer-facing platforms and financial management software, identified as the highest-risk areas due to unmanaged and unidentified identities accessing them. Shockingly, only 46% of organizations have implemented identity security controls to safeguard these crucial applications. Third-party entities, including partners, consultants, and service providers, were cited as the riskiest human identity type.
According to CyberArk CEO Matt Cohen, the push for business efficiency and innovation must address the issue of trust in order to prevent the accumulation of cyber debt and foster long-term cyber resilience. Cohen highlights the need for robust implementation of Zero Trust frameworks, prioritizing identity security, and securing sensitive access through measures such as Just-In-Time access, least privilege principles, and automatic provisioning and de-provisioning of access.
The CyberArk 2023 Identity Security Threat Landscape Report draws from a comprehensive survey conducted by market researchers Vanson Bourne, encompassing over 2,300 cybersecurity decision makers in organizations worldwide, both in the private and public sectors. The respondents hailed from various countries, including Brazil, Canada, Mexico, the United States, the Netherlands, Spain, the United Kingdom, Australia, India, France, Germany, Italy, Israel, Taiwan, Japan, and Singapore.
Be the first to comment