Indian organizations are bracing themselves for identity-related compromises in 2023, with 100% of surveyed organizations expecting such incidents, and 61% anticipating AI-enabled attacks, according to the CyberArk 2023 Identity Security Threat Landscape Report. The report sheds light on the growing tension between economic conditions and technological advancements, particularly in the field of artificial intelligence (AI), and its impact on the vulnerability of identity-centric cybersecurity.
The report highlights the emergence of "cyber debt," where investment in digital and cloud initiatives outpaces cybersecurity spending, resulting in an expanding and unsecured attack surface. In 2022, organizations experienced a growth in cyber debt as security spending lagged behind investments in broader digital business initiatives. In 2023, cyber debt is at risk of compounding due to economic pressures, increased staff turnover, a decline in consumer spending, and an uncertain global environment. The ongoing investments in digital and cloud initiatives by business leaders seeking efficiency and innovation have had cascading effects on cybersecurity.
The majority of Indian organizations (84%) expect identity-related compromises to occur as part of digital transformation initiatives such as cloud adoption and legacy app migration. Additionally, 80% of organizations anticipate cybersecurity issues driven by employee churn, which could lead to insider threats posed by disgruntled former employees or the exploitation of leftover credentials.
The report identifies AI-enabled threats as a major concern for security professionals in 2023, with 61% of those surveyed expecting such threats to affect their organizations. AI-powered malware tops the list of concerns. Ransomware attacks have also seen a significant increase, with over 90% of organizations surveyed reporting such incidents, compared to 70% in CyberArk's 2022 report. Alarmingly, 55% of the affected organizations reported paying ransoms twice or more, suggesting they fell victim to double extortion campaigns.
In terms of security threats, 92% of Indian organizations expressed concern about code or malware injection into their software supply chains. The report highlights that identities, both human and machine, are central to almost all attacks. Three-fourths of identities in Indian organizations require sensitive access, making them attractive targets for attackers. Critical areas of the IT environment are found to be inadequately protected, and the report identifies specific identity types that pose significant risks.
Credential access ranks as the top risk, cited by 45% of respondents, followed by defense evasion, execution, initial access, and privilege escalation. Business-critical applications, such as revenue-generating customer-facing apps, enterprise resource planning (ERP), and financial management software, are considered the most vulnerable due to unknown and unmanaged identities accessing them, with 53% of organizations highlighting this area as high risk. However, 70% of organizations have implemented identity security controls to protect these critical applications.
Third-party entities, including partners, consultants, and service providers, are identified as the riskiest human identity type, according to 44% of respondents.
Matt Cohen, CEO of CyberArk, emphasized the need to balance business efficiency and innovation with the pressing need to prevent cyber debt and build long-term cyber resilience. Rohan Vaidya, Regional Director of India & SAARC at CyberArk, stressed the importance of securing the identity-centric attack surface and adopting a risk-based strategy to protect critical assets.
As organizations navigate the current landscape, consolidating operations with trusted partners and solutions will be vital in establishing resilience against cyber threats.
