Newton, Massachusetts, USA-headquartered CyberArk, the identity security company, has recently released a new global research report that shows how siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems.
‘The CyberArk 2024 Identity Security Threat Landscape Report’ provides unique perspectives on how Artificial Intelligence (AI) boosts cyber defenses as well as attacker capabilities; increases the pace at which identities are created in new and complex environments; and highlights the scale of identity-related breaches affecting organizations.
The report, which surveyed 2,400 cybersecurity decision makers in more than 18 countries including the UAE, found that 99% of UAE organizations had two or more identity-related breaches in the past year, indicating the scale of the new challenges.
Data access
However, contrary to how human access to sensitive data is managed, machine identities often lack identity security controls, and therefore represent a widespread and potent threat vector ready to be exploited. Key findings of the report include:
- 99% of UAE organizations had two or more identity-related breaches in the past year.
Machine identities are the #1 cause of identity growth in the UAE and are considered by respondents to be the riskiest identity type.
- 94% of UAE organizations expect identities to grow 3x or more in the next 12 months.
- 28% of UAE organizations cited concerns over their software supply chain as a key concern for securing machine identities.
“The digital initiatives that drive organizations forward inevitably create waves of new human and machine identities. Because many of these identities require sensitive or privileged access it is imperative that businesses in the UAE gain a clearer understanding of the nature of this access and the attack surface it represents,” affirmed Tom Lowndes, Director, Middle East at CyberArk.
Widespread use of AI
Consistent with CyberArk’s 2023 report, the 2024 Threat Landscape Report found that all organizations in the UAE (100% of those surveyed) are using AI in cybersecurity defense initiatives.
In related findings, most respondents are confident that deepfakes targeting their organization will not fool their employees.
All UAE organizations surveyed have adopted AI-powered tools as part of their cyber defenses to some degree, with 35% using AI for advanced analytics and 31% addressing cyber skills and resource challenges with AI.
- 99% of UAE respondents expect AI-powered tools to create cyber risks including AI powered malware, phishing, data leakage from compromised AI models and deepfake scams.
- 83% are confident that their employees can identify deepfakes in their organizational leadership.
- 97% of UAE organizations surveyed have been a victim of a successful identity-related breach due to a phishing or vishing attack.
- 100% of UAE organizations increased their investment in identity-related products or services to some extent in the last 12 months because of a breach.
