A new report from CyberArk, the CyberArk 2023 Identity Security Threat Landscape Report, suggests that the tension between difficult economic conditions and the pace of technological innovation is contributing to a significant increase in identity-related cybersecurity risks. The report highlights the rapid growth of the identity attack surface, which is driven by the evolution of artificial intelligence (AI) and the widespread adoption of digital and cloud technology.
The research, based on a survey of 2,300 cybersecurity decision makers across private and public sector organizations, reveals that almost all of the respondents expect an identity-related compromise this year. This aligns with the growing trend of cybercriminals prioritizing stolen and exposed identity-based credentials to bypass security measures and strengthen their attacks. In fact, the recent Verizon 2023 Data Breach Investigations Report identified stolen credentials as the most common method used by threat actors to infiltrate organizations.
One of the key findings of the CyberArk report is that security cracks are starting to show as the growth of identities continues. The study highlights the concept of “cyber debt,” where investment in digital and cloud technology outpaces cybersecurity spend. This creates an expanding and unsecured identity-centric attack surface. The economic squeeze, elevated levels of staff turnover, consumer spend downturns, and the uncertain global environment contribute to the accumulation of cyber debt in organizations.
According to CyberArk, technology adoption is expected to lead to a 2.4-times growth in human and machine identities in 2023, accompanied by a 68% increase in software-as-a-service (SaaS) tool deployment. This exponential growth in identities, both human and machine, increases the risk of compromised credentials and unauthorized access to critical assets. SaaS tools, in particular, are vulnerable entry points for attackers looking for identities. The report reveals that 75% of respondents face significant levels of risk from password-based authentication apps in their environment.
One alarming finding is that 63% of respondents admitted that the highest-sensitivity access for employees in their organization is not adequately secured. This highlights the security gaps that arise as the growth of identities outpaces security measures. Additionally, the report warns that sudden and widespread layoffs could exacerbate this problem, as 68% of the survey participants predict workforce churn to create new security issues. Furthermore, 74% of respondents express concerns about the loss of confidential information due to employees, ex-employees, and third-party vendors.
The report also addresses the potential cyber risks associated with AI tools. It reveals that 93% of respondents expect negative cyber impacts from AI tools in 2023. While AI-enabled malware is identified as the top threat, 62% of respondents indicate that employees in their organizations use unapproved AI-enabled tools, further increasing security risks.
In summary, the CyberArk 2023 Identity Security Threat Landscape Report emphasizes the urgent need for organizations to address the growing identity attack surface and identity-led cybersecurity exposure. The report urges organizations to prioritize cybersecurity spend to mitigate cyber debt and strengthen their defenses against identity-related compromises. It also recommends implementing multi-factor authentication and robust access controls to secure high-sensitivity access. With the rapid evolution of technology and the increasing complexity of cyber threats, organizations must remain vigilant and proactive in protecting their identities and critical assets from cybersecurity risks.