ETFOptimize | High-performance ETF-based Investment Strategies

Quantitative strategies, Wall Street-caliber research, and insightful market analysis since 1998.
ETFOptimize | HOME
Close Window
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Overview
News
Currencies
International
Treasuries

CyberArk Survey: AI Tool Use, Employee Churn and Economic Pressures Fuel the Identity Attack Surface

By: via Business Wire
  • 99% expect their organization to suffer identity-related compromise in 2023
  • 93% anticipate AI-enabled attack
  • Two-thirds expect layoffs and workforce churn to create new cybersecurity issues

A new global report released today by CyberArk (NASDAQ: CYBR) shows how the tension between difficult economic conditions and the pace of technology innovation, including the evolution of artificial intelligence (AI), is influencing the growth of identity-led cybersecurity exposure. The CyberArk 2023 Identity Security Threat Landscape Report details how these issues - allied to an expected 240% growth in human and machine identities – have the potential to result in a compounding of ‘cyber debt’: where investment in digital and cloud initiatives outpaces cybersecurity spend, creating a rapidly expanding and unsecured identity-centric attack surface.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230613944704/en/

AI Tool Use, Employee Churn and Economic Pressure Fuel the Identity Attack Surface (Graphic: Business Wire)

AI Tool Use, Employee Churn and Economic Pressure Fuel the Identity Attack Surface (Graphic: Business Wire)

Economic Squeeze Allied to Pace of Digital Acceleration Puts Organizations at Risk

In 2022 organizations experienced growing cyber debt, where security spend over the pandemic period lagged investment in broader digital business initiatives. In 2023, levels of cyber debt are at risk of compounding, driven by an economic squeeze, elevated levels of staff turnover, a consumer spend downturn and an uncertain global environment. With investment in digital and cloud initiatives still ongoing as business leaders seek to unlock greater efficiencies and innovation, these factors have had knock-on effects to cybersecurity.

  • Nearly all (99%) expect identity-related compromise this year, stemming from economic-driven cutbacks, geopolitical factors, cloud adoption and hybrid working. A majority (58%) say this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration.
  • Fueling a new wave of insider threat concerns from – for example – disgruntled ex-staffers or exploitable leftover credentials, over two-thirds (68%) of organizations expect employee churn-driven cyber issues in 2023.
  • Organizations will deploy 68% more SaaS tools in the next 12 months vs. what they have now. Large proportions of human and machine identities have access to sensitive data via SaaS tools and if not secured properly can be a gateway for attack.

The 2023 Threat Landscape

Report findings reveal upcoming areas of identity and cybersecurity concern this year.

  • 93% of security professionals surveyed expect AI-enabled threats to affect their organization in 2023, with AI-powered malware cited as the #1 concern.
  • Nearly nine in 10 (89% – up from 73% in our 2022 report) of the organizations surveyed experienced ransomware attacks in the past year, and 60% of affected organizations reported paying-up twice or more to allow recovery, signaling that they were likely victims of double extortion campaigns.
  • 67% of energy, oil and gas companies expect they would not be able to stop – or even detect – an attack stemming from their software supply chain (versus 59% for all organizations). Most respondents from this vertical (69%) also admit they hadn’t attempted to mitigate this through implementing better security in the last 12 months.

Expanded Identity-Centric Attack Surface

Identities – both human and machine – are at the heart of all, or nearly all, attacks. Nearly half of identities require sensitive access to perform their roles and are a favored attack vector as a result. The report found that critical areas of the IT environment are inadequately protected and identifies the identity types that represent significant risk.

  • 63% say highest-sensitivity employee access is not adequately secured and greater numbers of machines have sensitive access than humans (45% vs. 38%).
  • Credential access remains the #1 risk for respondents (cited by 35%), followed by defense evasion (31%), execution (28%), initial access (28%) and privilege escalation (27%).
  • Business critical applications e.g., revenue-generating customer-facing applications, enterprise resource planning (ERP) and financial management software – were named as the area of greatest risk due to the unknown and unmanaged identities that access them. Only 46% have identity security controls in place to secure business-critical apps.
  • Third parties – partners, consultants and services providers – cited as #1 riskiest human identity type.
  • 69% say robotic process automation (RPA) and bot deployments are being slowed due to security concerns.

“The organizational desire to drive ever-greater business efficiencies and innovation remains undiminished, even as cutbacks in staffing and macro-economic forces are creating significant pressures,” said Matt Cohen, chief executive officer, CyberArk. “Business transformation, driven by digital and cloud initiatives, continues to result in a surge in new enterprise identities. While attackers are constantly innovating, compromising identities remains the most effective way to circumvent cyber defenses and access sensitive data and assets. Such profound risk puts the issue of ‘who and what to trust’ at the forefront of efforts to prevent cyber debt from compounding, and to build long-term cyber resilience.”

What Can Be Done?

  • Zero Trust Alignment: Identity security is critical for a robust Zero Trust implementation. Respondents said that identity management (79%) and endpoint security/device trust (78%) are “critical” or “important” to supporting Zero Trust.
  • Strategies to Secure Sensitive Access: The top three measures to improve identity security that organizations plan on introducing in 2023: Just-In-Time access (cited by 32% of respondents); adopting least privilege principles to secure business-critical applications (32%); and automatic provisioning and de-provisioning of access (31%).
  • Consolidate with Trusted Partners: Over half of respondents (51%) will look to trusted cybersecurity partners to help forecast and design solutions for future cyber risk in 2023.

About the Report

The CyberArk 2023 Identity Security Threat Landscape Report represents the findings of a worldwide survey across private and public sector organizations of 500 employees and above. It was conducted by market researchers Vanson Bourne amongst 2,300 cybersecurity decision makers. Respondents were based in Brazil, Canada, Mexico, the US, France, Germany, Italy, the Netherlands, Spain, the UK, Australia, India, Israel, Japan, Singapore and Taiwan. To learn more, visit: https://www.cyberark.com/threat-landscape/.

About CyberArk

CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, Twitter, Facebook or YouTube.

Copyright © 2023 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.

Contacts

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.


 
IntelligentValue Home
Close Window

DISCLAIMER

All content herein is issued solely for informational purposes and is not to be construed as an offer to sell or the solicitation of an offer to buy, nor should it be interpreted as a recommendation to buy, hold or sell (short or otherwise) any security.  All opinions, analyses, and information included herein are based on sources believed to be reliable, but no representation or warranty of any kind, expressed or implied, is made including but not limited to any representation or warranty concerning accuracy, completeness, correctness, timeliness or appropriateness. We undertake no obligation to update such opinions, analysis or information. You should independently verify all information contained on this website. Some information is based on analysis of past performance or hypothetical performance results, which have inherent limitations. We make no representation that any particular equity or strategy will or is likely to achieve profits or losses similar to those shown. Shareholders, employees, writers, contractors, and affiliates associated with ETFOptimize.com may have ownership positions in the securities that are mentioned. If you are not sure if ETFs, algorithmic investing, or a particular investment is right for you, you are urged to consult with a Registered Investment Advisor (RIA). Neither this website nor anyone associated with producing its content are Registered Investment Advisors, and no attempt is made herein to substitute for personalized, professional investment advice. Neither ETFOptimize.com, Global Alpha Investments, Inc., nor its employees, service providers, associates, or affiliates are responsible for any investment losses you may incur as a result of using the information provided herein. Remember that past investment returns may not be indicative of future returns.

Copyright © 1998-2017 ETFOptimize.com, a publication of Optimized Investments, Inc. All rights reserved.