4 in 5 firms suffered breaches linked to unsecured machine identities

Machine identity-related security incidents are on the rise, as the volume and complexity of machine identities continue to multiply, and 78% of Asia-Pacific organisations have experienced at least one certificate-related outage in the past year, marking a significant increase compared to previous years. 

According to a new report from CyberArk, 78% of APAC security leaders also reported security incidents or breaches due to compromised machine identities.

Research was conducted by Censuswide among a sample of 1,201 security and IT decision-makers in organisations with 500 or more employees across the United States, the United Kingdom, Australia, France, Germany and Singapore. The data was collected between January 9 and January 17.

Machine identities—including certificates, keys, secrets and access tokens—are exploding amid the rise of AI adoption, cloud native innovations and shorter machine identity lifespans. 

As a result, organisations are struggling to keep up, and siloed approaches to securing machine identities create their own risks.

Findings show that 74% of APAC respondents are experiencing outages monthly and 77% weekly.

Also, 78% of APAC security leaders reported security incidents or breaches linked to compromised machine identities in the last year, which led to delays in application launches (51%), unauthorised access to sensitive data or networks (51%) as well as outages impacting customer experience (37%).

Machine identities outnumber human identities by an overwhelming margin and continue to grow quickly, and 85% of APAC security leaders anticipate the number of machine identities in their organisation to increase, by as much as 150% over the next year.

As AI systems become a growing target for cyberattacks, 82% of APAC security leaders believe machine identity security will play a vital role in securing the future of AI. Also, 82% of leaders say securing AI models from manipulation and theft means putting greater emphasis on the need for machine identity authentication and authorisation.

While 94% of APAC security leaders report some form of machine identity security program, many of these programs lack maturity. Respondents reveal the lack of a cohesive machine identity security strategy as their biggest concern (46%), followed by challenges adapting to shorter machine identity lifecycles (42%) and the possibility of adversaries exploiting stolen machine identities (38%).

Where organisations use multiple tools to secure machine identities, the result is inefficiency, risk and management challenges. For example, responsibilities for preventing machine identity-related compromises were found to be split among security (51%), development (29%) and platform (14%) teams.

“Machine identities of all kinds will continue to skyrocket over the next year, bringing not only greater complexity but also increased risks,” said Kurt Sand, GM of machine identity security at CyberArk. 

“Cybercriminals are increasingly targeting machine identities – from API keys to code signing certificates – to exploit vulnerabilities, compromise systems and disrupt critical infrastructure, leaving even the most advanced businesses dangerously exposed,” said Sand.
