The past 12 months have seen a whirlwind of advancements and integration of new technologies in the cybersecurity realm. A multitude of fresh identities, environments, and attack methods are reshaping the cybersecurity threat landscape at a rapid pace, making it more intricate and diversifying the focus on risk reduction. A recent CyberArk study unveils the surge in machine identities and the growing dependence on third- and fourth-party providers, further exacerbating existing threats and introducing novel vulnerabilities.
According to the CyberArk 2024 Identity Security Threat Landscape Report, which gathered input from 2,400 identity-related cybersecurity professionals and decision-makers across 18 countries, a staggering 93% of organizations have encountered two or more breaches as a result of identity-related cyberattacks. Furthermore, these organizations project a more than 2.4-fold increase in the total number of identities within the next year.
Multiple factors contribute to the rise in identity-related attacks, such as the escalation in the volume and complexity of cyberattacks orchestrated by both skilled and unskilled malicious actors utilizing generative AI (GenAI) to amplify their malicious activities. These threat actors exploit unsecured identities within a complex and burgeoning digital ecosystem to gain entry into the victims’ environments. Consequently, nearly all organizations affected by identity-related attacks experience adverse business repercussions.
GenAI plays a pivotal role in both organizational cybersecurity initiatives and cybercriminal operations. While 99% of organizations leverage AI-powered tools for cybersecurity, bad actors also employ GenAI to enhance the scale and sophistication of their attacks. As a result, organizations foresee a negative impact from the use of AI, anticipating a surge in AI-augmented malware, phishing, and data breaches. The prevalence of breaches due to phishing or vishing attacks in the past year has emphasized the difficulty in detecting AI-powered cyberattacks, thereby elevating the likelihood of widespread organizational breaches.
The emergence of deepfake content generated by GenAI poses a challenge in discerning authentic from manipulated content. Despite over 70% of B2B respondents expressing confidence in employees’ ability to identify deepfake content featuring organizational leaders, there may be a sense of complacency driven by an illusion of control. The extent of the damage inflicted by GenAI-augmented attacks and the risk associated with compromising data models supporting defensive GenAI remain uncertain, underscoring the need to strategize for more advanced future attacks and fortify the protection of data models used by machine intelligence.
The report also sheds light on the escalating prevalence of machine identities, with nearly half of cybersecurity experts foreseeing a threefold increase in such identities. These machine identities, often under-secured and over-privileged, are proliferating due to ongoing automation efforts and widespread cloud computing. While the growth in machine identities is not surprising, the narrow definition of “privileged user” within organizations poses a significant concern. The focus on securing human identities primarily overlooks the security of machine identities and necessitates considerable manual effort to address security incidents.
Moreover, the report highlights the inadequate attention given to vendor risk management despite the expanding web of digital ecosystems. With organizations increasingly engaging multiple cloud service providers and a surge in SaaS applications, the network of third-party providers extends to a range of external entities, elevating the risk of third- and fourth-party breaches cascading to the organization. Despite concerns about third- and fourth-party risks among respondents, vendor risk management ranks low in post-breach investments, emphasizing the need for regular vendor risk assessments and enhanced accountability among vendors.
In addressing cybersecurity challenges, organizations must strike a balance between adopting new technologies and fortifying foundational controls to mitigate existing vulnerabilities and prevent the accumulation of cyber debt. The persistence and effectiveness of core social engineering attacks underscore the importance of consistent risk management strategies across all identities and environments.
As the cybersecurity landscape evolves, a collaborative approach to securing identities across the IT environment is essential in fortifying organizational defenses. Emphasizing the significance of identity security as a cornerstone of robust cybersecurity posture, organizations must pivot towards a new cybersecurity model centered on safeguarding identities to effectively combat evolving threats. In an era where talent and intelligence play pivotal roles in winning battles, teamwork emerges as the key to triumph against cybersecurity threats. The future of cybersecurity hinges on securing identities across all facets of the IT landscape.
For a comprehensive dive into navigating the evolving cybersecurity landscape, download the CyberArk 2024 Identity Security Threat Landscape Report.