According to one survey, many respondents’ organizations were not securing machine identities with the same level of control as human identities

Based on a 2023 survey of 2,400 cybersecurity decision makers in private and public sector organizations (those with 500 employees and above)* on the identity-security threat landscape, the following trends were disclosed from the data.

First, 95% of respondents used to represent the Asia Pacific and Japan (APJ) region indicated having suffered two or more identity-related breaches in the past year, amid expected growths in identities to be managed to average 2.6x in the next 12 months. In terms of other cyber risks, 95% these APJ respondents indicated their organization had been a victim of a successful identity-related breach due to a phishing or vishing attack (92% for ransomware attacks).

Second, of the respondents representing APJ as a whole, 62% defined a privileged user as “human-only”; 38% defined privileged users as “all human and machine identities”. Machine identities were singled out as the riskiest, partly due to widespread adoption of multi-cloud strategies and growing utilization of AI-related programs like Large Language Models: many of these identities require sensitive or privileged access. However, contrary to how human access to sensitive data is managed, machine identities in the data often lacked identity security controls, and therefore represented a widespread and potent threat vector ready to be exploited.

Third, all of the respondents representing APJ indicated having adopted AI-powered tools as part of their cyber defenses. Some 96% expected AI-powered tools to create cyber risk for their organization in the next 12 months. 

Finally, 70% of respondents deemed to represent APJ indicated they were confident that their employees can identify deepfakes of their organizational leadership.

According to Vincent Goh, President and General Manager (Asia Pacific and Japan), CyberArk, the firm that released its findings: “Machine identities will continue to expand the attack surface for cyber adversaries, especially with the acceleration in AI adoption. Organizations in the region need to adopt a holistic cybersecurity strategy to secure both human and machine identities to effectively defend themselves against cyberattacks.”

*fromBrazil, Canada, Mexico, US, France, Germany, Italy, the Netherlands, Spain, the UK, the UAE, Australia, India, Hong Kong, Israel, Japan, Singapore and Taiwan, comprising 700 respondents deemed to represent the Asia Pacific and Japan region