93% of Companies Suffered Identity Breaches Last Year: CyberArk Report

Almost 93% of Indian organizations had experienced two or more identity-related breaches in the past year, highlighted by the Identity Security Threat Landscape 2024 Report published by CyberArk. The report revealed this staggering number, putting a focus on alarming trends in identity-related breaches among Indian organizations.

Despite the growing threat of deep fakes, 84% of security professionals in India are confident in their employees’ ability to identify such threats. Nonetheless, the report notes that 88% of organizations have already fallen victim to identity-related breaches caused by phishing attacks.

Key Findings of the Report

• Machine Identities

This type of breach has been identified as the riskiest type due to its association with multi-cloud strategies and the adoption of AI-related programs like Large Language Models. Unlike human identities, machine identities often lack stringent security controls and make them vulnerable to exploitation.

•  Privileged Access

The report indicates that 46% of organizations consider all human and machine identities with sensitive access as privileged users. Moreover, the number of identities is expected to triple in the next 12 months, driven by digital transformation initiatives.

• AI in Cybersecurity

99% of organizations are using AI-powered tools in their cyber defenses, though 93% expect these tools to also increase cyber risk. As AI capabilities expand, both defenders and attackers are leveraging these technologies, leading to more sophisticated identity-related attacks.

• Deepfake Awareness

84% of security professionals believe their employees can identify deepfakes of organizational leadership. This confidence is crucial, as deepfakes can be used to impersonate organizational leadership, potentially leading to significant breaches.

Experts Opinion

"In today’s digital age, where identities proliferate at an unprecedented pace, machine identities are the silent players of our systems, serving as the cornerstone of innovation while being the weak link of security,” said Rohan Vaidya, Area Vice President, of India & SAARC at CyberArk. “As we navigate this landscape, the CyberArk 2024 Identity Security Threat Landscape Report illuminates the urgent need to bridge the gap between human and machine identity security. With 93% of Indian organizations experiencing multiple identity-related breaches in the past year alone, it is evident that identity protection is the need of the hour. The reliance on AI in cyber defense becomes not just a strategic advantage but a necessity in combating AI-driven threats. In this era of increasing cyber risk, we must unify our defenses, harnessing the power of AI while nurturing a culture of vigilance to safeguard against the ever-evolving threats to our digital identities,” he added.

“Digital initiatives to drive organizations forward inevitably create a plethora of human and machine identities, many of which have sensitive access and all of which must have identity security controls applied to them to guard against identity-centric breaches. The report shows that identity breaches have affected nearly all organizations - multiple times in nearly all cases – and demonstrates that siloed, legacy solutions are ineffective at solving today’s problems. To stay ahead a paradigm shift is required, where resilience is built around a new cybersecurity model that places identity security at its core”, said said Matt Cohen, Chief Executive Officer, of CyberArk.

Conclusion

The CyberArk 2024 Identity Security Threat Landscape Report provides a comprehensive analysis of the current state of identity security, underscoring the critical need for enhanced measures to protect both human and machine identities. As organizations continue to evolve and embrace digital transformation, the integration of robust identity security controls will be essential to mitigating the increasing risks associated with identity-related breaches.