Machine identity-related security incidents are on the rise, as the volume and complexity of machine identities continue to multiply, according to a report by cyber and identity security firm CyberArk.
78% of Asia Pacific organisations have experienced at least one certificate-related outage in the past year, marking a significant increase compared to previous years. Additionally, 78% of Asia Pacific security leaders also reported security incidents or breaches due to compromised machine identities.
Machine identities—including certificates, keys, secrets and access tokens—are exploding amid the rise of AI adoption, cloud native innovations and shorter machine identity lifespans. As a result, organisations are struggling to keep up and siloed approaches to securing machine identities creates its own risks. The report shows the substantial business impact of not securing machine identities effectively, leaving organisations vulnerable to costly outages and breaches.
Highlights of the report include:
- Frequency of outages surges dramatically – 78% of Asia Pacific respondents have suffered at least one certificate-related outage in the past year, with 74% experiencing outages monthly and 77% weekly.
- Machine identity-related compromises have substantial business impact – 78% of Asia Pacific security leaders reported security incidents or breaches linked to compromised machine identities in the last year, which led to delays in application launches (51%), unauthorised access to sensitive data or networks (51%) as well as outages impacting customer experience (37%).
- Machine identity growth continues at pace – Machine identities outnumber human identities by an overwhelming margin and continue to grow quickly. 85% percent of Asia Pacific security leaders anticipate the number of machine identities in their organisation to increase, by as much as 150% over the next year.
- AI looms large on the machine identity threat horizon – As AI systems become a growing target for cyberattacks, 82% of Asia Pacific security leaders believe machine identity security will play a vital role in securing the future of AI. 82% of leaders also say securing AI models from manipulation and theft means putting greater emphasis on the need for machine identity authentication and authorisation.
- Machine identity security programs lack maturity – While 94% of Asia Pacific security leaders report some form of machine identity security program, many of these programs lack maturity. Respondents reveal the lack of a cohesive machine identity security strategy as their biggest concern (46%), followed by challenges adapting to shorter machine identity lifecycles (42%) and the possibility of adversaries exploiting stolen machine identities (38%).
- Siloed approach to securing machine identities creates risk – Where multiple tools to secure machine identities exist within organisations, inefficiencies, risk and management challenges are created. For example, responsibilities for preventing machine identity-related compromises were found to be split among security (51%), development (29%) and platform (14%) teams.