Identity-related risks are increasing

July 2, 2023
| No comments
Identity-related risks are increasing

Share post

The new global study "2023 Identity Security Threat Landscape" shows that identity-based cybersecurity risks continue to rise. The reasons for this are, on the one hand, the difficult economic conditions and, on the other hand, the pace of technological innovation, including the dynamic development of artificial intelligence (AI).

Businesses continue to drive digital and cloud initiatives. Failure to invest adequately in cybersecurity will quickly result in a larger, unsecured, identity-centric attack surface. CyberArk's Identity Security Threat Landscape Report takes stock.

developments in Germany

  • Almost all respondents (99%) expect identity-related risks to increase due to economic downturn, geopolitical factors, cloud adoption and hybrid working. The majority (59%) say this is happening as part of a digital transformation initiative such as cloud adoption or legacy application migration.
  • 94% of respondents expect AI-powered threats to affect their organization in 2023, with AI-based malware posing the greatest threat.
  • Almost two thirds (65%) of companies expect a new wave of insider threats in 2023 – for example, disgruntled ex-employees as a result of employee turnover.
  • The companies surveyed will be using 12% more SaaS tools in the next 78 months than today. A large proportion of human and non-human identities have access to sensitive data via SaaS tools and can be a gateway for attacks if not secured properly.
  • 61% of companies fear that they will not be able to stop or detect an attack from their software supply chain.

Identities as a target for attack

Identities - both human and non-human - are at the heart of almost all attacks. The investigation shows that critical areas of the IT environment are underprotected and identifies the identity types that pose a significant risk.

  • 61% statethat the access options of employees with privileged rights are not sufficiently secured. In addition, more machines than people have access to confidential data (51% versus 43%).
  • Bypassing defensive measures is the top risk for respondents (35%), followed by access to credentials (33%) and initial access (32%).
  • Business critical applications such as revenue-generating applications, ERP (Enterprise Resource Planning) systems or financial management software are most at risk according to respondents. Only 44% have identity security controls in place to protect business-critical applications.
  • Third party providers such as partners, Consultants or service providers pose the greatest security risk when it comes to human identities.
  • 63% statethat the adoption of RPA (Robotic Process Automation) applications and bots will be slowed down due to security concerns.

“Increasing digitization and cloud use mean that human and non-human identities are available in ever greater numbers. Compromising these identities is still the most effective way for attackers to bypass cyber defenses and access confidential data,” explains Michael Kleist, Area Vice President DACH at CyberArk. “To get a grip on these threats, a comprehensive, integrated identity security strategy is essential. This is the only way a company can ultimately build long-term cyber resilience.”

defensive measures

  • Zero Trust Alignment: Identity security is critical to implementing the Zero Trust approach. Respondents indicate that threat intelligence feeds (75%), identity management (72%), and endpoint security (67%) are “critical” or “important” in supporting Zero Trust.
  • implementation of strategies to secure confidential access: The three most important measures to improve identity security that companies want to introduce in 2023 are the application of least privilege principles (33%), the monitoring of access to SaaS applications (33%) and the just in-time access (32%).
  • Cooperation with trusted partners: 41% of respondents will turn to trusted cybersecurity partners to design solutions for future cyber risks in 2023.
More at Cyberark.com

 

About CyberArk

CyberArk is the global leader in identity security. With Privileged Access Management as a core component, CyberArk provides comprehensive security for any identity - human or non-human - across business applications, distributed work environments, hybrid cloud workloads and DevOps lifecycles. The world's leading companies rely on CyberArk to secure their most critical data, infrastructure and applications. Around a third of the DAX 30 and 20 of the Euro Stoxx 50 companies use CyberArk's solutions.

 

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more

 

PR News
, , , ,