Credit: shutterstock
Tension between difficult economic conditions and the pace of technological innovation, including the evolution of artificial intelligence (AI), is fueling the growth of the identity attack surface and identity-led cybersecurity exposure.
That’s according to the CyberArk 2023 Identity Security Threat Landscape Report, which details how these issues have the potential to compound “cyber debt” where investment in digital and cloud technology outpaces cybersecurity spend. This create a rapidly expanding and unsecured identity-centric attack surface.
The research draws on findings of a worldwide survey of 2,300 cybersecurity decision makers across private and public sector organisations of 500 employees and above, nearly all of whom expect an identity-related compromise this year.
The findings come as cybercriminals prioritise stolen and exposed identity-based credentials to bypass security measures and enhance attacks. Stolen credentials were cited as the most common method used by threat actors to infiltrate organisations in the Verizon 2023 Data Breach Investigations Report.
Security cracks beginning to show as identity growth continues
In 2022, organisations experienced growing cyber debt where security spend over the pandemic period lagged investment in broader digital business initiatives, according to CyberArk.
Cyber debt levels could intensify this year, driven by an economic squeeze, elevated levels of staff turnover, consumer spend downturns, and an uncertain global environment, it added.
Meanwhile, businesses’ ongoing investment in digital and cloud initiatives in search of greater efficiencies and innovation have had knock-on effects on their cybersecurity, CyberArk said.
Technology adoption will lead to a 2.4-times growth in human and machine identities in 2023, along with a 68% increase in SaaS tool deployment, according to the report.
Machine identities will have access to corporate sensitive data and any identity – human or machine – could be compromised and used to unlock higher levels of privileges to access critical assets, the report said. SaaS tools are easy ingress points for attackers on the hunt for identities, and 75% of respondents said they face significant levels of risk from apps in their environment that only support password-based authentication.
As identity growth continues, security cracks are beginning to show – 63% of respondents admitted that the highest-sensitivity access for employees in their organisation is not adequately secured.
Sudden and widespread layoffs may exacerbate this problem, with 68% of those surveyed predicting workforce churn to create new security issues.
Furthermore, 74% of respondents are concerned about confidential information loss stemming from employees, ex-employees, and third-party vendors.
Ninety-three percent of respondents expect negative cyber impacts from AI tools in 2023, according to the report. In addition to the top threat of AI-enabled malware, 62% said company employees use unapproved AI-enabled tools that can increase security risk.
