Use of AI, worker churn fuel the identity attacks in APAC

Levels of cyber debt are at risk of compounding in 2023, driven by an economic squeeze, elevated levels of staff turnover, a downturn in consumer spend and an uncertain global environment, according to a new report from CyberArk.

Commissioned by CyberArk, Vanson Bourne surveyed 2,300 cybersecurity decision makers who are based in Singapore, Australia, India, Japan, Taiwan, Brazil, Canada, Mexico, the United States, France, Germany, Italy, the Netherlands, Spain, the United Kingdom, and Israel.

With investment in digital and cloud initiatives still ongoing as business leaders seek to unlock greater efficiencies and innovation, these factors have had a knock-on effect on cybersecurity.

One is that, in the Asia-Pacific region including Japan, all (99.9%) organisations expect identity-related compromise this year, stemming from economic-driven cutbacks, geopolitical factors, cloud adoption and hybrid working. 

Almost two-thirds (63%) say this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration.

Second, 69% of APJ firms  expect employee churn-driven cyber issues in 2023, Fueling a new wave of insider threat concerns from – for example – disgruntled ex-staffers or exploitable leftover credentials.

Almost three-quarters (73%) of cybersecurity experts across the region agree that they are concerned about loss of confidential information stemming from employees, ex-employees, and third-party identities.

And third, APJ organisations will deploy 70% more SaaS tools in the next 12 months versus what they have now. Large proportions of human and machine identities have access to sensitive data via SaaS tools and if not secured properly can be a gateway for attack.

Findings show that against a backdrop of the growing popularity and fast adoption of generative AI, 98% of APJ cybersecurity experts indicated that their organisations have deployed AI tools to augment and enhance Identity Security functionality. 

The three key areas include automation and flexibility; addressing cyber skill shortage/lack of resources; and breach detection and prevention.

More than nine in every 10 (94%) of cybersecurity experts across the APJ region expect a negative impact from AI tools and services in 2023, with the biggest concern being chatbot security vulnerabilities that include potential employee impersonation, ransomware, malware and phishing.

Similarly, 88% of the organisations surveyed experienced ransomware attacks in the past year. Seven in every 10 (69%) of cybersecurity experts from APJ indicated that in the last 12 months, they paid ransom to allow recovery at least once.

Three-fifths (61% )of local companies expect that they would not be able to stop -or even detect – an attack stemming from software supply chain.

“Business transformation, driven by digital and cloud initiatives, continues to result in a surge in new enterprise identities. ,” said Matt Cohen, CEO of CyberArk. 

“While attackers are constantly innovating, compromising identities remains the most effective way to circumvent cyber defences and access sensitive data and assets,” said Cohen. “Such profound risk puts the issue of ‘who and what to trust’ at the forefront of efforts to prevent cyber debt from compounding, and to build long-term cyber resilience.”