The CyberArk 2024 Identity Security Threat Landscape Report revealed that security professionals rate machines as one of the riskiest identity types, more than human identities.
In part due to the widespread adoption of multi-cloud strategies and growing utilization of AI-related programs like Large Language Models, machine identities are being created in vast numbers. Many of these identities require sensitive or privileged access.
However, contrary to how human access to sensitive data is managed, machine identities often lack identity security controls, and therefore represent a widespread and potent threat vector ready to be exploited.
- 98% of Hong Kong organisations had two or more identity-related breaches in the past year.
- Machine identities are a key cause of identity growth and are considered by respondents to be one of the riskiest identity types.
- 51% of Hong Kong organisations report that more than half of their machine identities, or even the majority of machine identities, are accessing sensitive data – an alarming trend.
- 41% of Hong Kong organisations expect identities to grow 2x in the next 12 months (average: 2.4x).
- 63% of Hong Kong organisations define a privileged user as human-only. Only 37% of Hong Kong organisations define all human and machine identities with sensitive access as privileged users.
- In the next 12 months, 84% of Hong Kong organisations will use three or more Cloud Service Providers (CSPs), which is identified as the third reason for identity-related attacks.
AI vs AI
The 2024 Threat Landscape Report found that 99% of organisations are using AI in cybersecurity defence initiatives. The report predicts an increase in the volume and sophistication of identity-related attacks, as skilled and unskilled bad actors also increase their capabilities, including AI-powered malware and phishing.
In what may well be too early to start celebrating, 60% of respondents are confident that deepfakes targeting their organisation won’t fool their employees.
- 99% of Hong Kong organisations have adopted AI-powered tools as part of their cyber defences.
- A significant 97% of Hong Kong respondents expect AI-powered tools to create cyber risk for their organisation in the coming year.
- 60% are confident that their employees can identify deepfakes of their organisational leadership.
- 96% of Hong Kong organisations have been a victim of a successful identity-related breach due to a phishing or vishing attack.
Sandy Lau, district manager for Hong Kong and Macau at CyberArk, warns that machine identities will continue to expand the attack surface for cyber adversaries, especially with the acceleration in AI adoption.
“Organisations in Hong Kong need to adopt a holistic cybersecurity strategy to secure both human and machine identities to effectively defend themselves against cyberattacks,” she concludes.