Most Organizations Had At Least Two Identity-Related Breaches In Past Year

Security professionals rate machines as the riskiest identity type, reveals the CyberArk Identity Security Threat Landscape 2024 Report.

While the quantity of both human and machine identities is growing quickly, a new global research report found that security professionals rate machines as the riskiest identity type. In part due to widespread adoption of multi-cloud strategies and growing utilization of Artificial Intelligence-related programs like Large Language Models, machine identities are being created in vast numbers, according to the CyberArk 2024 Identity Security Threat Landscape Report.

machine identities
(Source: CyberArk 2024 Identity Security Threat Landscape Report)

Many of these identities require sensitive or privileged access. However, contrary to how human access to sensitive data is managed, machine identities often lack identity security controls, and therefore represent a widespread and potent threat vector ready to be exploited.

Siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems, the report reveals. It provides unique perspectives on how AI boosts cyber defenses as well as attacker capabilities; increases the pace at which identities are created in new and complex environments; and highlights the scale of identity-related breaches affecting organizations.

Here are some key findings from the report:

  • 93% of organizations had two or more identity-related breaches in the past year.
  • Machine identities are the #1 cause of identity growth and are considered by respondents to be the riskiest identity type.
  • 50% of organizations expect identities to grow 3x in the next 12 months (average: 2.4x).
  • 61% of organizations define a privileged user as human-only. Only 38% of organizations define all human and machine identities with sensitive access as privileged users.
  • In the next 12 months, 84% of organizations will use three or more Cloud Service Providers (CSPs).
Will Employees Be Fooled By Deepfakes?
machine identities
(Source: CyberArk 2024 Identity Security Threat Landscape Report)

Consistent with the 2023 report, the 2024 Threat Landscape Report found that nearly all (99%) of organizations are using AI in cybersecurity defense initiatives. Furthermore, the report predicts an increase in the volume and sophistication of identity-related attacks, as skilled and unskilled bad actors also increase their capabilities, including AI-powered malware and phishing. In related findings, counter to expectations, the majority of respondents are confident that deepfakes targeting their organization won’t fool their employees.

  • 99% of organizations have adopted AI-powered tools as part of their cyber defenses.
  • 93% of respondents expect AI-powered tools to create cyber risk for their organization in the coming year.
  • 70%+ are confident that their employees can identify deepfakes of their organizational leadership.
  • Nine out of 10 organizations have been a victim of a successful identity-related breach due to a phishing or vishing attack.

“Digital initiatives to drive organizations forward inevitably create a plethora of human and machine identities, many of which have sensitive access and all of which must have identity security controls applied to them in order to guard against identity-centric breaches,” said Matt Cohen, chief executive officer, CyberArk. “The report shows that identity breaches have affected nearly all organizations – multiple times in nearly all cases – and demonstrates that siloed, legacy solutions are ineffective at solving today’s problems. To stay ahead a paradigm shift is required, where resilience is built around a new cybersecurity model that places identity security at its core.”

Read the full report for further insight on what is behind human and machine identity growth, where related cyber risk lies, how AI is being used in cyber defenses, and more.

Read more about business resilience and continuity at Continuity Insights.

Business Continuity, Featured, Professional Development, Safety and Security, Technology

CyberArk, CyberArk Identity Security Threat Landscape Report, Cybersecurity, Identity Security, Machine Identities. Artificial Intelligence, Professional Development, security, Security Breaches, Survey, Threat Landscape

Sponsored Content

Webinars, Podcasts & Videos

Business Continuity Webinar

Did You Miss Our Latest Business Continuity Webinar?

It's not too late! You can still watch the “Business Continuity Exercise Planning and Facilitation Techniques To Start Now” video webinar.

facility resilience webinar

From Prevention To Action: The Role Of Facilities Management In Handling Emergencies And Maintenance

This free webinar on facility resilience will provide actionable strategies to safeguard assets, protect lives, and ensure operational continuity.

adaptive decision-making

Listen Now: Decision-Making During A Crisis

Robert C. Chandler, Ph.D, Founder and Principal of Emperiria discusses his research on adaptive decision-making in this podcast.

Receive the latest articles in your inbox

Share to...