Australia | A recent report by cybersecurity firm CyberArk highlights the increasing threat of cyber-attacks driven by economic conditions, the adoption of AI tools, and workforce churn in Australia. The CyberArk 2023 Identity Security Threat Landscape Report sheds light on the potential risks Australian organisations face as the number of human and machine identities grows, outpacing cybersecurity investments.
The survey findings show that 91 percent of Australian respondents experienced at least one ransomware attack, underscoring the alarming prevalence of such incidents. Moreover, a staggering 98 percent expect their organisations to suffer identity-related compromises in 2023, with 52 percent attributing these incidents to digital transformation initiatives, such as cloud adoption or legacy app migration.
The report also emphasises the potential cybersecurity challenges arising from employee churn and layoffs, with over two-thirds of organisations anticipating such issues in 2023. Additionally, more than two-thirds of Australian organisations admit their inability to prevent or detect attacks originating from their supply chains, highlighting the need for enhanced security measures.
The study identifies AI-enabled threats as a major concern, with 89 percent of security professionals expecting them to impact their organisations in 2023. AI-powered malware ranks as the top worry among respondents. Furthermore, the report reveals that 57 percent of affected organisations in Australia resorted to paying ransom demands multiple times, suggesting the rise of double extortion campaigns.
The expanding identity-centric attack surface poses a significant risk, as both human and machine identities are targeted in attacks. Employee identities, including contractors, are deemed the riskiest human identity type by 44 percent of Australian organisations. Credential access remains a critical area of vulnerability, with 39 percent of organisations considering it the biggest risk. The report also highlights gaps in securing the highest-sensitivity employee access and a lack of comprehensive visibility into human and non-human access to sensitive data.
The report stresses the need for immediate action to mitigate these risks and ensure long-term cyber resilience within organisations. CyberArk recommends aligning with a Zero Trust approach and prioritising identity security and endpoint security/device trust. Key measures planned by Australian organisations for 2023 include eliminating embedded credentials, monitoring access to SaaS applications, removing standing access for third-party vendors, and implementing least privilege access principles for critical applications.
As businesses in Australia continue to pursue digital and cloud initiatives to drive efficiency and innovation, addressing the growing cybersecurity challenges posed by economic pressures, AI tool adoption, and workforce dynamics are crucial.
