Identity Security Threat Landscape Report

A new global report released by CyberArk reveals how the tension between difficult economic conditions and the pace of technology innovation, including the evolution of artificial intelligence (AI), is influencing the growth of identity-led cybersecurity exposure.

The 2023 Identity Security Threat Landscape Report details how these issues – aligned to an expected double (100%) the growth in human and machine identities in Australia – have the potential to result in a compounding of ‘cyber debt’: where investment in digital and cloud initiatives outpaces cybersecurity spend, creating a rapidly expanding and unsecured identity-centric attack surface.

Economic Squeeze Allied to Pace of Digital Acceleration Puts Organisations at Risk 

In 2022 organisations experienced growing cyber debt, where security spend over the pandemic period lagged investment in broader digital business initiatives. In 2023, levels of cyber debt are at risk of compounding, driven by an economic squeeze, elevated levels of staff turnover, a consumer spend downturn and an uncertain global environment.

With investment in digital and cloud initiatives still ongoing as business leaders seek to unlock greater efficiencies and innovation, these factors have had knock-on effects to cybersecurity.

• Fueling a new wave of insider threat concerns, over two-thirds (71%) of Australian organisations expect employee churn-driven cyber issues in 2023.
• 98% expect identity-related compromise this year, with a majority (52%) saying this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration.
• Australian organisations also cited economic-driven cutbacks and geopolitical factors (44%),  hybrid working (41%) and cloud adoption (37%) will be key drivers of identity-related compromises.

The 2023 Threat Landscape

Report findings reveal upcoming areas of identity and cybersecurity concern this year.

• 89% of security professionals surveyed expect AI-enabled threats to affect their organisation in 2023, with AI-powered malware cited as the number one concern. 
• Over nine in 10 (91% – up from 80% in our 2022 report) of the Australian organisations surveyed experienced ransomware attacks in the past year, and 57% of affected organisations reported paying-up twice or more to allow recovery, signaling that they were likely victims of double extortion campaigns.
• Over two thirds (68%) of Australian organisations stated they would not be able to prevent – or even detect – an attack stemming from their supply chain (versus 59% for all organisations globally). 71% also admit they hadn’t taken any measures to further secure their software supply chain in the last 12 months.

Expanded Identity-Centric Attack Surface 

Identities – both human and machine – are at the heart of all, or nearly all, attacks. Nearly half of Australian organisations stated both human and machine identities are equally difficult to secure and manage. With nearly half of identities requiring sensitive access to perform their roles, it is evident why they are a favoured attack vector.

• Employee identities – including contractors – are considered the riskiest human identity type to cause the biggest business impact by close to half (44%) of Australian organisations.
• Credential access remains the biggest area of risk for 39% of Australian organisations, followed by impact (35%), persistence (33%), initial access (32%) and discovery (26%).

The report also found that critical areas of the IT environment are inadequately protected, with 69% stating highest-sensitivity employee access is not adequately secured, and 68% lacking a complete picture of human and non-human access to sensitive data and assets, with machine identities having more access to sensitive data than humans (48% vs 39%).

“In light of the increasing legislative pressure faced by Australian organisations and the rapid growth of human and machine identities due to accelerated digitalisation, we have arrived at a critical juncture. It is no longer acceptable for the majority of Australian organisations to overlook the necessity of robust security measures that safeguard sensitive data and assets. The stakes are high, with the potential for severe financial and operational risks looming. The time is now to take immediate action to mitigate these risks and ensure the long-term cyber resilience within organisations,” said Thomas Fikentscher, Regional Director for Australia and New Zealand.

“The organisational desire to drive ever-greater business efficiencies and innovation remains undiminished, even as cutbacks in staffing and macro-economic forces are creating significant pressures,” said Matt Cohen, chief executive officer, CyberArk. “Business transformation, driven by digital and cloud initiatives, continues to result in a surge in new enterprise identities. While attackers are constantly innovating, compromising identities remains the most effective way to circumvent cyber defenses and access sensitive data and assets. Such profound risk puts the issue of “who and what to trust” at the forefront of efforts to prevent cyber debt from compounding, and to build long-term cyber resilience.”

What Can Be Done?

• Zero Trust Alignment: Identity security is critical for a robust Zero Trust implementation. Respondents said that identity management (89%) and endpoint security/device trust (82%) are “critical” or “important” to supporting Zero Trust.
• Strategies to Secure Sensitive Access: The top three measures to improve identity security that Australian organisations plan on introducing in 2023:

• 35% plan to eliminate embedded credentials to secure passwords, secrets and other credential used by applications and machines
• 32% plan to adopt processes to monitor access to SaaS applications and equally the same percentage plan to remove standing access for third-party vendors; and
• 29% plan to implement least privilege access principles to secure business-critical applications.