Are Identity-Related Breaches Escalating in UAE Businesses?
Hey, have you heard about the latest report from CyberArk? They just released their 2024 Identity Security Threat Landscape Report, and it's pretty eye-opening. They looked into how companies are handling the security of both human and machine identities, and it turns out that the lack of a unified approach is really opening up opportunities for identity-based attacks.
The report surveyed 2,400 cybersecurity decision-makers across more than 18 countries, including the UAE. One striking finding is that a whopping 99 percent of organisations in the UAE experienced at least two identity-related breaches in the past year. This really highlights the scale of the issue we're dealing with.
One of the big points they make is about machine identities. With the rise of multi-cloud strategies and AI programs, machine identities are growing rapidly. Unlike human identities, these machine identities often don't have strong security controls, making them a major risk. The report shows that security professionals see machine identities as the riskiest type.
Some key stats from the UAE include:
99 percent of organisations had two or more identity-related breaches in the past year.
Machine identities are the top reason for identity growth and are seen as the riskiest.
94 percent of organisations expect identities to triple in the next year.
28 percent are worried about their software supply chain when it comes to securing machine identities.
Tom Lowndes from CyberArk emphasises that as digital initiatives expand, so do the number of human and machine identities, many of which need sensitive access. Businesses need to understand this access and the attack surfaces it creates to build resilience with a new cybersecurity model centred on identity security.
Another interesting part of the report is about AI. Every organisation they surveyed in the UAE is using AI for their cybersecurity defences. But here's the kicker: while AI helps boost defences, it also enhances the capabilities of attackers. We're talking about AI-powered malware and phishing. Despite this, 83 percent of respondents believe their employees can identify deepfakes targeting their organisation.
Here are some more stats:
35 percent are using AI for advanced analytics, and 31 percent are using it to tackle cyber skills and resource challenges.
99 percent expect AI to introduce risks like AI-powered malware and deepfake scams.
97 percent have suffered from identity-related breaches due to phishing or vishing.
100 percent increased their investment in identity-related products or services in the past year because of a breach.
The full report goes into more detail about human and machine identity growth, cyber risks, and how AI is shaping both defences and attacks. It also offers recommendations for keeping security practices up to date with organisational changes to reduce cybersecurity debt.