99% of UAE organisations faced identity-related breaches in the past year

Machine identities are the top driver of identity growth among UAE organisations

Read more...
by

Somshankar Bandyopadhyay

Published: Tue 11 Jun 2024, 9:00 AM

Ninety nine per cent of UAE organisations had two or more identity-related breaches in the past year, a survey showed.

CyberArk, an identity security company, has released a new global research report that shows how siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems. The CyberArk 2024 Identity Security Threat Landscape Report provides unique perspectives on how Artificial Intelligence (AI) boosts cyber defenscs as well as attacker capabilities; increases the pace at which identities are created in new and complex environments; and highlights the scale of identity-related breaches affecting organisations.

While the quantity of both human and machine identities is growing quickly, the report found that security professionals globally rate machines as the riskiest identity type. In part due to widespread adoption of multi-cloud strategies and growing utilisation of AI-related programs like Large Language Models, machine identities are being created in vast numbers. Many of these identities require sensitive or privileged access.

Advertising
Advertising

However, contrary to how human access to sensitive data is managed, machine identities often lack identity security controls, and therefore represent a widespread and potent threat vector ready to be exploited.

Key findings of the report include:

99 per cent of UAE organisations had two or more identity-related breaches in the past year.

Machine identities are the main cause of identity growth in the UAE and are considered by respondents to be the riskiest identity type.

94 per cent of UAE organisations expect identities to grow 3x or more in the next 12 months

28 per cent of UAE organisations cited concerns over their software supply chain as a key concern for securing machine identities.

“The digital initiatives that drive organisations forward inevitably create waves of new human and machine identities. Because many of these identities require sensitive or privileged access it is imperative that businesses in the UAE gain a clearer understanding of the nature of this access and the attack surface it represents,” said Tom Lowndes, Director, Middle East at CyberArk. “Identity-centric breaches affect nearly all organisations, with most suffering multiple successful attacks; to address the extent of growing threats on identity that organisations face from an array of malign actors, it is key to build resilience on a new cybersecurity model that places identity security at its core.”

Widespread use of AI to battle AI and complacency takes hold

Consistent with CyberArk’s 2023 report, the 2024 Threat Landscape Report found that all organisations in the UAE are using AI in cybersecurity defense initiatives. Furthermore, the report predicts an increase in the volume and sophistication of identity-related attacks, as skilled and unskilled bad actors also increase their capabilities, including AI-powered malware and phishing. In related findings, the majority of respondents are confident that deepfakes targeting their organisation won’t fool their employees.

All UAE organisations surveyed have adopted AI-powered tools as part of their cyber defences to some degree, with 35 per cent using AI for advanced analytics and 31 per cent addressing cyber skills and resource challenges with AI.

99 per cent of UAE respondents expect AI-powered tools to create cyber risks including AI powered malware, phishing, data leakage from compromised AI models and deepfake scams.

83 per cent are confident that their employees can identify deepfakes of their organisational leadership.

97 per cent of UAE organisations surveyed have been a victim of a successful identity-related breach due to a phishing or vishing attack.

100 per cent of UAE organisations increased their investment in identity-related products or services to some extent in the last 12 months as a result of a breach.

The full report (including EMEA and UAE-specific findings) offers further insight on what is behind human and machine identity growth, where related cyber risk lies and how AI is being used in cyber defenses. The report also details the consequences firms are facing from identity-centric cyber breaches and recommends methods to ensure that security practices keep up with organisational initiatives to reduce cybersecurity debt.

Somshankar Bandyopadhyay

Published: Tue 11 Jun 2024, 9:00 AM

Recommended for you