CyberArk, an identity security company, has unveiled a new global research report revealing that fragmented approaches to securing human and machine identities are fueling identity-based attacks across enterprises and their ecosystems.
The CyberArk 2024 Identity Security Threat Landscape Report provides a comprehensive look at how AI enhances both cyber defenses and attacker capabilities, accelerates the creation of identities in new and complex environments, and underscores the prevalence of identity-related breaches.
The report surveyed 2,400 cybersecurity decision-makers in over 18 countries, including the UAE. It found that 99% of UAE organizations experienced two or more identity-related breaches in the past year, highlighting significant challenges.
Growing Cyber Risks from Machine Identity Security
As the number of human and machine identities rapidly increases, security professionals worldwide identify machine identities as the riskiest. The widespread adoption of multi-cloud strategies and AI-related programs, like Large Language Models, has led to a surge in machine identities, many of which require sensitive or privileged access. Unlike human access to sensitive data, machine identities often lack robust security controls, making them a potent threat vector.
Key UAE Findings:
– Identity-Related Breaches: 99% of organizations had two or more breaches last year.
– Machine Identities: The primary driver of identity growth, considered the riskiest identity type.
– Growth Expectations: 94% expect identities to grow threefold or more in the next 12 months.
– Supply Chain Concerns: 28% are worried about securing machine identities in their software supply chain.
Tom Lowndes, Director, Middle East at CyberArk, emphasized the importance of understanding sensitive access and the associated attack surface to mitigate identity-centric breaches.
AI’s Role in Cybersecurity and Rising Threats
According to CyberArk’s report, all UAE organizations are leveraging AI in their cybersecurity defenses. However, the report predicts an increase in the volume and sophistication of identity-related attacks, driven by both skilled and unskilled actors using AI-powered tools.
AI-Related Insights:
– AI Adoption: 100% of organizations are using AI in some capacity, with 35% employing AI for advanced analytics and 31% addressing cyber skills and resource challenges.
– AI Risks: 99% anticipate AI-powered tools to generate new cyber risks, including AI-powered malware, phishing, data leakage, and deepfake scams.
– Deepfake Identification: 83% are confident in their employees’ ability to recognize deepfakes.
– Phishing and Vishing Attacks: 97% of organizations have suffered identity-related breaches from these attacks.
– Increased Investment: 100% have boosted investment in identity-related products or services following breaches.
The full report, including specific findings for EMEA and the UAE, delves deeper into the growth of human and machine identities, associated cyber risks, and the role of AI in cybersecurity defenses. It also offers recommendations to ensure security practices evolve alongside organizational initiatives to mitigate cybersecurity debt.
