The pandemic years saw organisational digital initiatives drive hundreds of thousands of new human and non-human identities per firm, with cybersecurity investments to secure these initiatives often not keeping pace. According to new research from CyberArk, the resulting ‘cyber debt’ from this lag is set to compound in 2023.
The CyberArk 2023 Identity Security Threat Landscape Report found that every UK organisation asked (100%) anticipates they will experience an identity-related security compromise in 2023, with a majority (61%) saying this will happen as a result of a digital transformation initiative such as cloud adoption or legacy app migration. Alongside this, 61% expect employee churn to drive cyber issues in 2023. It’s a particularly concerning find given investment in digital and cloud initiatives is still ongoing as business leaders seek to unlock greater efficiencies. UK firms expect human and machine identities – many with sensitive access - to grow 3.4x in 2023.
Organisations believe macro issues, such as the global economic squeeze, elevated levels of staff turnover and an uncertain political environment are also likely to lead to identity-centric compromise.
Against a backdrop of the growing popularity and fast adoption of generative AI, the research also revealed that 87% of UK security professionals expect AI-enabled threats to affect their organization this year, with AI-powered malware cited as the number one concern. UK cybersecurity teams also report embracing AI at scale, with 88% adopting it, for example, to address the cyber skills gap, or for breach detection.
“Despite firms having to tighten their belts – cutting costs through reduced staffing and budgets - the drive within organisations to enhance business efficiencies through cloud and digital initiatives remains strong. New environments create new identities to secure and, consequently, compromising identities will remain the most efficient method for attackers to evade cyber defences and gain access to critical data and assets”, said Rich Turner, senior vice president, EMEA at CyberArk.
“The identity-centric attack surface is one that is a priority to secure. To be best positioned to weather the current storm, firms should follow a risk-based strategy to secure critical assets. The stakes are high and, in this environment, we now increasingly see organisations initiate programmes to consolidate operations on a smaller set of trusted partners and solutions to build resilience.”
