Merlin Labs Memo -- Week of May 20-24
Merlin Cyber
Merlin is your trusted source for best-in-class and innovative and emerging cyber solutions for the U.S. public sector.
Key Takeaways from CyberArk’s 2024 Identity Security Report
Navigating the ever-changing threat landscape is a constant challenge. CyberArk’s 2024 Identity Security Threat Landscape Report offers valuable insights into the current and future state of identity security, highlighting challenges and opportunities.
The report points out the growing complexity of managing identities, particularly with the increase in machine identities. Nearly half of the organizations surveyed expect identities to triple, driven by the rapid adoption of Generative AI (GenAI) and widespread cloud computing. This surge creates a perfect environment for attackers to exploit under-secured and over-privileged machine identities.
A significant concern is the rise in AI use by malicious actors. While 99% of organizations use AI tools in their cybersecurity efforts, adversaries use them for sophisticated identity-related attacks, such as AI-generated phishing and deepfakes. The report shows that over 75% of executives need to be more confident in their employees' ability to detect deepfakes, a dangerous misconception that needs to be corrected.
Third- and fourth-party risks also pose significant challenges. As organizations expand their digital ecosystems, third-party vendors' and subcontractors' security practices become crucial. The report indicates that 84% of organizations will use three or more cloud service providers next year, and the number of SaaS applications is expected to grow by 89%. This interconnectedness increases the potential impact of a breach, as vulnerabilities in one part of the supply chain can spread through the entire network.
Additionally, the report highlights the issue of "cyber debt," where organizations focus on adopting new technologies at the expense of securing existing infrastructures. Despite the appeal of the latest tech, traditional attack methods like phishing and ransomware remain highly effective. In the past year, 93% of organizations experienced two or more identity-related breaches, 90% faced ransomware attacks, and 75% paid the ransom but did not recover their data.
领英推荐
?
Our Take:
At Merlin Cyber, we strongly agree with CyberArk’s findings. The emphasis on the rise of machine identities and the associated risks aligns with our observations. We believe a strong cybersecurity posture must start with securing every human and machine identity across the IT environment.?
We also support the need for better third- and fourth-party risk management. As digital ecosystems grow, rigorous vendor security assessments are essential. Our experience shows that investing in comprehensive vendor risk management and consolidating security tools can significantly reduce these risks.
Finally, the report's insights into the dangers of focusing too much on new technologies while neglecting basic security measures are very relevant. Ensuring strong defenses against phishing and ransomware remains a top priority, as these threats continue to cause significant damage.
In conclusion, the 2024 Identity Security Threat Landscape Report is a valuable resource highlighting critical areas needing attention. Merlin Cyber is committed to tackling these challenges head-on and ensuring our clients are well-prepared to navigate the ever-evolving cybersecurity landscape. - Daniel McGregor
Additional Reading: