Cybersecurity experts have noticed a surge in machine identity-related security incidents in organisations as the volume and complexity of machine identities continue to grow.
Machine identities, which include things like certificates, keys and access tokens, are growing rapidly because of AI, cloud technology and shorter lifespans. This growth is making it hard for organisations to keep things secure.
There are way more machine identities than human identities, and they’re growing fast. In a recent survey by CyberArk, most security leaders (79 per cent) think their organisation will have over one and half times more machine identities in the next year.
- Also read: ‘Hackers now target social media platforms, a new type of infrastructure’
“About 72 per cent of organisations have experienced at least one certificate-related outage in the last one year, marking a significant increase compared to previous years. Besides, 50 per cent of security leaders reported security incidents or breaches due to compromised machine identities,” CyberArk, a Nasdaq-listed identity security solutions provider, said.
As a result of mushrooming machine identities, organisations are struggling to keep up and siloed approaches to securing machine identities, it said in the State of Machine Identity Security Report 2005.
“The report shows the substantial business impacts of not securing machine identities effectively, leaving organisations vulnerable to costly outages and breaches,” it said.
The report was based on a survey of over 1,200 security leaders in different countries.
About 67 per cent of the respondents said they experienced outages every month, while 45 per cent said they experienced such outages every week. “This marks a substantial jump from 2022, when 26 per cent of them were outages monthly and only 12 per cent weekly,” the report pointed out.
Machine identity-related compromises have substantial business impacts – about 50 per cent of security leaders reported security incidents or breaches linked to compromised machine identities in the last year, which led to delays in application launches (51 per cent), outages impacting customer experience (44 per cent) and unauthorised access to sensitive data or networks (43 per cent).
- Also read: Indian healthcare sector most targeted by cyberattacks, followed by education: Report
“Machine identities of all kinds will continue to skyrocket over the next year, bringing not only greater complexity but also increased risks,” said Kurt Sand, GM of Machine Identity Security at CyberArk.
“Cybercriminals are increasingly targeting machine identities – from API keys to code signing certificates – to exploit vulnerabilities, compromise systems and disrupt critical infrastructure, leaving even the most advanced businesses dangerously exposed,” he said.
