“More than nine in ten (91 per cent – up from 70 per cent in the 2022 report) of the organisations surveyed experienced ransomware attacks in the past year, and 55 per cent of affected organisations reported paying up twice or more to allow recovery, signaling that they were likely victims of double extortion campaigns,” the report claims.
In its ‘CyberArk 2023 Identity Security Threat Landscape Report’ the company details how the tension between difficult economic conditions and the pace of technology innovation, including the evolution of artificial intelligence (AI), is influencing the growth of identity-led cybersecurity exposure.
The findings of the report further elaborate on upcoming areas of identity and cybersecurity concern in 2023. It notes that “61 per cent of security professionals surveyed expect AI-enabled threats to affect their organisation in 2023, with AI-powered malware cited as the top concern.”
“The identity-centric attack surface is one that is a priority to secure. To be best positioned to weather the current storm, organisations must adopt a risk-based strategy to secure critical assets, and initiate programmes to consolidate operations on a smaller set of trusted partners and solutions to build resilience,” he further stated.
- 100% of Indian organisations expect to suffer an identity-related compromise in 2023
- 61% anticipate AI-enabled attack
- 80% expect layoffs and workforce churn to create new cybersecurity issues
All (100 per cent) Indian organisations expect identity-related compromise in 2023, the report summarises. The reasons cited by the organisations range from economic-driven cutbacks, geopolitical factors, to cloud adoption and hybrid working. “A majority (84 per cent) say this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration.”
Moreover, 92 per cent of Indian organisations feel code/ malware injection into their software supply chain is one of the biggest security threats their organisations face.
Identities — both human and machine — are at the heart of nearly all attacks, the report suggests. It notes that three-fourths of identities in Indian organisations require sensitive access to perform their roles. It found that critical areas of the IT environment are inadequately protected and pique the identity types that represent a significant risk.
Credential access remains the number one risk for respondents (cited by 45 per cent), followed by defence evasion (34 per cent), execution (34 per cent), initial access (31 per cent) and privilege escalation (26 per cent).
Third parties – partners, consultants and service providers – are cited as the top riskiest human identity type (44 per cent).
“While attackers are constantly innovating, compromising identities remains the most effective way to circumvent cyber defences and access sensitive data and assets. Such profound risk puts the issue of “who and what to trust” at the forefront of efforts to prevent cyber debt from compounding, and to build long-term cyber resilience,” the CEO states.