Report: 99% Of Australian Organisations Had Two or More Identity-Related Breaches in the Past Year


  • Australia ranks as the second most breached nation surveyed for occurrences of credential theft, third-party and supply chain breaches, with digital transformation cited as the most likely cause of a breach, ahead of geo-political/state actors

  • 99% of Australian organisations expect negative impact from using AI powered tools on cybersecurity in the next year

  • 70%+ of security professionals are confident that their employees can identify deepfake videos of their organisational leadership

CyberArk (NASDAQ: CYBR), the identity security company, today released a new global research report that reveals 99% of Australian organisations have faced two or more identity-related breaches in the past year. Survey respondents flagged digital transformation as the most likely external cause of a breach, signaling a need for cybersecurity strategies to evolve as Australian organisations undergo digitalisation at scale.

The CyberArk 2024 Identity Security Threat Landscape Report also shows how siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems, the pace at which identities are being created in new and complex environments, and the scale of identity-related breaches affecting organisations.

Thomas Fikentscher, Area Vice President for ANZ, CyberArk, said: "Driven by legislation, organisations are investing more in cybersecurity. Yet, many other challenges remain. Leaders are faced with managing compliance and risk, the shortage of skilled staff as well as insufficient buy-in from developers and engineers. Companies must act now, especially around AI and the use of machine IDs. In addition, we see third and fourth-party risks coming to the fore especially in critical infrastructure. More collaboration is needed between CIOs, CTOs, developers and security teams to effectively minimise these cyber threats."

Cyber Risk from Digitalisation at Scale

The study clearly shows the extended threat posed by Australia’s increasingly interconnected digital ecosystems, on which businesses and the country's “A Future Made in Australia” strategy rely.

Nearly nine out of 10 (88%) Australian organisations reported identity-related breaches stemming from third parties, ranking second highest globally. A further 79% experienced these in relation to the supply chain. When asked what they perceived the riskiest ID types to be, respondents named business customers (42%) and third parties (41%), following machine IDs, as having the most potential negative impact. Additionally, 25% of businesses remain troubled by the security challenges posed by remote work environments, much more than their global counterparts.

The research also underscores the significant threats Australian businesses face from their extensive use of cloud services, with the country being one of the top three users of multiple cloud providers globally. 93% of companies are planning to use three or more cloud service providers (CSPs) within the next 12 months, and 70% are expecting to use four or more. Australia's appetite for Software as a Service (SaaS) is equally voracious. Currently, 24% of Australian companies report using over 100 SaaS providers. This figure is projected to surge dramatically within the next year, with 75% of companies planning to use over 100 SaaS providers.

Cyber Risk Rises as Machine Identity Security Treated Differently to Humans

While the quantity of both human and machine identities is growing quickly, the report found that security professionals rate machines as the riskiest identity type. In part due to widespread adoption of multi-cloud strategies and growing utilisation of AI-related programs like Large Language Models, machine identities are being created in vast numbers. Many of these identities require sensitive or privileged access. However, contrary to how human access to sensitive data is managed, machine identities often lack identity security controls, and therefore represent a widespread and potent threat vector ready to be exploited.

  • 99% of organisations had two or more identity-related breaches in the past year.

  • Nearly half (48%) of organisations expect identities to grow 3x in the next 12 months (average: 2.4x).

  • 62% of organisations define a privileged user as human-only. Only 38% of organisations define all human and machine identities with sensitive access as privileged users.

Widespread Use of AI to Battle AI and Complacency Takes Hold

The 2024 Threat Landscape Report found that all (100%) Australian organisations are using AI in cybersecurity defense initiatives. Furthermore, the report predicts an increase in the volume and sophistication of identity-related attacks, as skilled and unskilled bad actors also increase their capabilities, including AI-powered malware and phishing. In related findings, counter to expectations, the majority of respondents are confident that deepfakes targeting their organisation won’t fool their employees.

  • 100% of organisations have adopted AI-powered tools as part of their cyber defenses.

  • 99% of respondents expect AI-powered tools to create cyber risk for their organisation in the coming year. 

  • 70%+ are confident that their employees can identify video-based deepfakes of their organisational leadership – the figure slips to 65% for audio-based.

  • 91% of organisations have been a victim of a successful identity-related breach due to a phishing or vishing attack.

“Digital initiatives to drive organisations forward inevitably create a plethora of human and machine identities, many of which have sensitive access and all of which must have identity security controls applied to them in order to guard against identity-centric breaches,” said Matt Cohen, chief executive officer, CyberArk. “The report shows that identity breaches have affected nearly all organisations – multiple times in nearly all cases – and demonstrates that siloed, legacy solutions are ineffective at solving today’s problems. To stay ahead, a paradigm shift is required, where resilience is built around a new cybersecurity model that places identity security at its core.”

Read the full report for further insight on what is behind human and machine identity growth, where related cyber risk lies and how AI is being used in cyber defenses. The report also details the consequences firms are facing from identity-centric cyber breaches and recommends methods of ensuring security practices keep up with wider organisational initiatives to reduce cybersecurity debt.

About the Report

The CyberArk 2024 Identity Security Threat Landscape Report was conducted across private and public sector organisations of 500 employees and above. It was conducted by market researchers Vanson Bourne amongst 2,400 cybersecurity decision makers. Respondents were based in Australia, Brazil, Canada, Mexico, US, France, Germany, Italy, the Netherlands, Spain, UK, UAE, India, Hong Kong, Israel, Japan, Singapore and Taiwan.

About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world’s leading organisations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow