CyberArk Survey: AI Tool Use, Employee Churn and Economic Pressures Fuel the Identity Attack Surface
June 13 2023 - 8:30AM
Business Wire
- 99% expect their organization to suffer identity-related
compromise in 2023
- 93% anticipate AI-enabled attack
- Two-thirds expect layoffs and workforce churn to create new
cybersecurity issues
A new global report released today by CyberArk (NASDAQ: CYBR)
shows how the tension between difficult economic conditions and the
pace of technology innovation, including the evolution of
artificial intelligence (AI), is influencing the growth of
identity-led cybersecurity exposure. The CyberArk 2023 Identity
Security Threat Landscape Report details how these issues – allied
to an expected 240% growth in human and machine identities – have
the potential to result in a compounding of ‘cyber debt’: where
investment in digital and cloud initiatives outpaces cybersecurity
spend, creating a rapidly expanding and unsecured identity-centric
attack surface.
Economic Squeeze Allied to Pace of Digital Acceleration Puts
Organizations at Risk
In 2022 organizations experienced growing cyber debt, where
security spend over the pandemic period lagged investment in
broader digital business initiatives. In 2023, levels of cyber debt
are at risk of compounding, driven by an economic squeeze, elevated
levels of staff turnover, a consumer spend downturn and an
uncertain global environment. With investment in digital and cloud
initiatives still ongoing as business leaders seek to unlock
greater efficiencies and innovation, these factors have had
knock-on effects on cybersecurity.
- Nearly all (99%) expect identity-related compromise this year,
stemming from economic-driven cutbacks, geopolitical factors, cloud
adoption and hybrid working. A majority (58%) say this will happen
as part of a digital transformation initiative such as cloud
adoption or legacy app migration.
- Fueling a new wave of insider threat concerns from – for
example – disgruntled ex-staffers or exploitable leftover
credentials, over two-thirds (68%) of organizations expect employee
churn-driven cyber issues in 2023.
- Organizations will deploy 68% more SaaS tools in the next 12
months vs. what they have now. Large proportions of human and
machine identities have access to sensitive data via SaaS tools and,
if not secured properly, can be a gateway for attack.
The 2023 Threat Landscape
Report findings reveal upcoming areas of identity and
cybersecurity concern this year.
- 93% of security professionals surveyed expect AI-enabled
threats to affect their organization in 2023, with AI-powered
malware cited as the #1 concern.
- Nearly nine in 10 (89% – up from 73% in our 2022 report) of the
organizations surveyed experienced ransomware attacks in the past
year, and 60% of affected organizations reported paying up twice or
more to allow recovery, signaling that they were likely victims of
double extortion campaigns.
- 67% of energy, oil and gas companies expect they would not be
able to stop – or even detect – an attack stemming from their
software supply chain (versus 59% for all organizations). Most
respondents from this vertical (69%) also admit they hadn’t
attempted to mitigate this through implementing better security in
the last 12 months.
Expanded Identity-Centric Attack Surface
Identities – both human and machine – are at the heart of all,
or nearly all, attacks. Nearly half of identities require sensitive
access to perform their roles and are a favored attack vector as a
result. The report found that critical areas of the IT environment
are inadequately protected and identifies the identity types that
represent significant risk.
- 63% say highest-sensitivity employee access is not adequately
secured and greater numbers of machines have sensitive access than
humans (45% vs. 38%).
- Credential access remains the #1 risk for respondents (cited by
35%), followed by defense evasion (31%), execution (28%), initial
access (28%) and privilege escalation (27%).
- Business-critical applications – e.g., revenue-generating
customer-facing applications, enterprise resource planning (ERP)
and financial management software – were named as the area of
greatest risk due to the unknown and unmanaged identities that
access them. Only 46% have identity security controls in place to
secure business-critical apps.
- Third parties – partners, consultants and service providers –
were cited as the #1 riskiest human identity type.
- 69% say robotic process automation (RPA) and bot deployments
are being slowed due to security concerns.
“The organizational desire to drive ever-greater business
efficiencies and innovation remains undiminished, even as cutbacks
in staffing and macro-economic forces are creating significant
pressures,” said Matt Cohen, chief executive officer, CyberArk.
“Business transformation, driven by digital and cloud initiatives,
continues to result in a surge in new enterprise identities. While
attackers are constantly innovating, compromising identities
remains the most effective way to circumvent cyber defenses and
access sensitive data and assets. Such profound risk puts the issue
of ‘who and what to trust’ at the forefront of efforts to prevent
cyber debt from compounding, and to build long-term cyber
resilience.”
What Can Be Done?
- Zero Trust Alignment: Identity security is critical for
a robust Zero Trust implementation. Respondents said that identity
management (79%) and endpoint security/device trust (78%) are
“critical” or “important” to supporting Zero Trust.
- Strategies to Secure Sensitive Access: The top three
measures to improve identity security that organizations plan on
introducing in 2023: Just-In-Time access (cited by 32% of
respondents); adopting least privilege principles to secure
business-critical applications (32%); and automatic provisioning
and de-provisioning of access (31%).
- Consolidate with Trusted Partners: Over half of
respondents (51%) will look to trusted cybersecurity partners to
help forecast and design solutions for future cyber risk in
2023.
About the Report
The CyberArk 2023 Identity Security Threat Landscape Report
represents the findings of a worldwide survey across private and
public sector organizations of 500 employees and above. It was
conducted by market researchers Vanson Bourne amongst 2,300
cybersecurity decision makers. Respondents were based in Brazil,
Canada, Mexico, the US, France, Germany, Italy, the Netherlands,
Spain, the UK, Australia, India, Israel, Japan, Singapore and
Taiwan. To learn more, visit:
https://www.cyberark.com/threat-landscape/.
About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in Identity
Security. Centered on intelligent privilege controls, CyberArk
provides the most comprehensive security offering for any identity
– human or machine – across business applications, distributed
workforces, hybrid cloud environments and throughout the DevOps
lifecycle. The world’s leading organizations trust CyberArk to help
secure their most critical assets. To learn more about CyberArk,
visit https://www.cyberark.com, read the CyberArk blogs or follow
on LinkedIn, Twitter, Facebook or YouTube.
Copyright © 2023 CyberArk Software. All Rights Reserved. All
other brand names, product names, or trademarks belong to their
respective holders.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20230613944704/en/
Media Contacts: Carissa Ryan, CyberArk
Email: press@cyberark.com
Highwire PR Email: cyberark@highwirepr.com
Investor Relations: Erica Smith, CyberArk
Email: ir@cyberark.com