Johannesburg, 20 Aug 2024
According to a recent Identity Security Threat Landscape Report, more than nine out of every 10 organisations (93%) had two or more identity-related security breaches in just the past year.
Worse still, nearly half of the organisations surveyed anticipate a threefold increase in the total number of identities, with machine identities squarely in the driver’s seat, despite these being largely under-secured and over-privileged. This growth in vulnerable identities, boosted by the ongoing artificial intelligence (AI) transformation and pervasive cloud computing, makes this potentially the most critical threat to enterprises.
According to David Higgins, senior director at CyberArk’s Field Technology Office, the quantity of both human and machine identities is growing rapidly, which creates significant security challenges, as most security professionals rate machines as the riskiest identity type.
“With the widespread adoption of multicloud strategies and recent adoption of, and growing utilisation of, artificial intelligence (AI) related programs like large language models, machine identities are being created in vast numbers,” notes Higgins.
“The challenge for enterprises is that although these identities generally require sensitive or privileged access, machine identities are often not managed in the same way as human ones. In fact, machine identities often lack identity security controls, which turns them into a widespread and potent threat vector – one that is ripe to be exploited by bad actors with the AI-powered ability to execute at scale.”
While nearly all the surveyed organisations – and their adversaries – are using generative AI (GenAI), the report highlights the rise in volume of identity-related attacks, along with the increasing sophistication of election-year deepfakes. Perhaps even more concerning is the confidence most C-level executives have in their employees’ ability to identify realistic fake videos or audios of their leaders.
“When one considers that phishing and vishing attacks remain highly effective ways to breach an organisation, and then one thinks how these tried-and-true attack methods are combined with GenAI and/or deepfakes, it is easy to see why so many businesses still suffer breaches and financial losses from cyber attacks. After all, these new types of attacks are more difficult to detect, as AI automates and personalises the attack process.
“The rapid rise of AI and deepfakes puts enterprises at increasing risk of widespread mis- and disinformation, phishing and vishing attacks, breaches, data loss, regulatory fines and reputational damage – all at scales previously unknown to business.”
Higgins explains that with phishing and vishing identified as the number one reason for an identity-related breach, it is natural for organisations to focus security resources on the weakest link: human identities. However, research indicates that machine identities are the primary driving force behind the exponential growth of the total number of identities. In other words, it won’t be long before chatbots and virtual assistants are being phished.
“It is therefore imperative for businesses to define both human and machine identities as privileged users. This entails assessing every user machine, service account and workload, to apply security controls where they were previously limited or missing, due to an overly narrow definition. This means involving corporate cyber security teams with your developers and engineering teams from day one of their projects. Both parties need to agree on how to strike a balance between productivity and security,” says Higgins.
“Furthermore, a lack of rigorous focus on vendor risk management creates additional security risks. Supply chain breaches can easily cascade to your organisation, creating a multiplier effect on risk. With 94% of respondents claiming to use more than 10 vendors for identity-related cyber security initiatives, enterprises can easily find themselves tangled in a fishing line of multiple systems, applications and services across different platforms and locations – something that creates a vast attack vector for bad actors.”
Overcoming this challenge is a long-term project, but one that it is critical for businesses to undertake. CyberArk suggests that enterprises begin by auditing and evaluating all legacy and new technologies across their environment. They should then assess the risks these disparate tools address versus the time and effort required to maintain them. Finally, it is important to create a plan to consolidate your technology stack based on the right balance for your organisation.
“Considering all of the above, it is clear that the imperative to establish a robust cyber security posture starts with securing every identity across the IT environment, including those of your immediate suppliers. Moreover, achieving this will require a new cyber security model centred on identity security.
“Since the report highlights that identity breaches have affected nearly all organisations, it also demonstrates that siloed, legacy solutions are ineffective at solving today’s problems. Ultimately, the answer to the challenges arising from the growing use of GenAI and deepfakes is to properly secure all your corporate identities. In essence, you could say that the future of security starts with identity,” concludes Higgins.
Share