The new global study "2023 Identity Security Threat Landscape" shows that identity-based cybersecurity risks continue to rise. The reasons for this are, on the one hand, the difficult economic conditions and, on the other hand, the pace of technological innovation, including the dynamic development of artificial intelligence (AI).
Businesses continue to drive digital and cloud initiatives. Failure to invest adequately in cybersecurity will quickly result in a larger, unsecured, identity-centric attack surface. CyberArk's Identity Security Threat Landscape Report takes stock.
developments in Germany
- Almost all respondents (99%) expect identity-related risks to increase due to economic downturn, geopolitical factors, cloud adoption and hybrid working. The majority (59%) say this is happening as part of a digital transformation initiative such as cloud adoption or legacy application migration.
- 94% of respondents expect AI-powered threats to affect their organization in 2023, with AI-based malware posing the greatest threat.
- Almost two thirds (65%) of companies expect a new wave of insider threats in 2023 – for example, disgruntled ex-employees as a result of employee turnover.
- The companies surveyed will be using 12% more SaaS tools in the next 78 months than today. A large proportion of human and non-human identities have access to sensitive data via SaaS tools and can be a gateway for attacks if not secured properly.
- 61% of companies fear that they will not be able to stop or detect an attack from their software supply chain.
Identities as a target for attack
Identities - both human and non-human - are at the heart of almost all attacks. The investigation shows that critical areas of the IT environment are underprotected and identifies the identity types that pose a significant risk.
- 61% statethat the access options of employees with privileged rights are not sufficiently secured. In addition, more machines than people have access to confidential data (51% versus 43%).
- Bypassing defensive measures is the top risk for respondents (35%), followed by access to credentials (33%) and initial access (32%).
- Business critical applications such as revenue-generating applications, ERP (Enterprise Resource Planning) systems or financial management software are most at risk according to respondents. Only 44% have identity security controls in place to protect business-critical applications.
- Third party providers such as partners, Consultants or service providers pose the greatest security risk when it comes to human identities.
- 63% statethat the adoption of RPA (Robotic Process Automation) applications and bots will be slowed down due to security concerns.
“Increasing digitization and cloud use mean that human and non-human identities are available in ever greater numbers. Compromising these identities is still the most effective way for attackers to bypass cyber defenses and access confidential data,” explains Michael Kleist, Area Vice President DACH at CyberArk. “To get a grip on these threats, a comprehensive, integrated identity security strategy is essential. This is the only way a company can ultimately build long-term cyber resilience.”
defensive measures
- Zero Trust Alignment: Identity security is critical to implementing the Zero Trust approach. Respondents indicate that threat intelligence feeds (75%), identity management (72%), and endpoint security (67%) are “critical” or “important” in supporting Zero Trust.
- implementation of strategies to secure confidential access: The three most important measures to improve identity security that companies want to introduce in 2023 are the application of least privilege principles (33%), the monitoring of access to SaaS applications (33%) and the just in-time access (32%).
- Cooperation with trusted partners: 41% of respondents will turn to trusted cybersecurity partners to design solutions for future cyber risks in 2023.
About CyberArk CyberArk is the global leader in identity security. With Privileged Access Management as a core component, CyberArk provides comprehensive security for any identity - human or non-human - across business applications, distributed work environments, hybrid cloud workloads and DevOps lifecycles. The world's leading companies rely on CyberArk to secure their most critical data, infrastructure and applications. Around a third of the DAX 30 and 20 of the Euro Stoxx 50 companies use CyberArk's solutions.
Matching articles on the topic