Insider attack: Organizations expect employee churn-driven cyber issues in 2023

Most threats lurk from within. Employee error accounts for 8 in 10 cyber breaches.

Fueling a new wave of insider threat concerns from, for example, disgruntled ex-staffers or exploitable leftover credentials, 80% of organizations expect employee churn-driven cyber issues in 2023. 

According to the CyberArk 2023 Identity Security Threat Landscape Report findings, upcoming areas of identity and cybersecurity concern this year are many. 61% of security professionals surveyed expect AI-enabled threats to affect their organization in 2023, with AI-powered malware cited as the #1 concern.

Read more: Indian cloud sector generates startup as well as big tech interest

Rohan Vaidya, regional director, India & SAARC, CyberArk, says, “New environments create new identities and, consequently, compromising identities will remain the most preferred method for attackers to evade cyber defences and gain access to critical data and assets.

“The identity-centric attack surface is one that is a priority to secure. To be best positioned to weather the current storm, organisations must adopt a risk-based strategy to secure critical assets, and initiate programmes to consolidate operations on a smaller set of trusted partners and solutions to build resilience.

While attackers are constantly innovating, compromising identities remains the most effective way to circumvent cyber defenses and access sensitive data and assets. Such profound risk puts the issue of “who and what to trust” at the forefront of efforts to prevent cyber debt from compounding, and to build long-term cyber resilience

Rohan Vaidya, regional director, India & SAARC, CyberArk

“Business transformation, driven by digital and cloud initiatives, continues to result in a surge in new enterprise identities. While attackers are constantly innovating, compromising identities remains the most effective way to circumvent cyber defenses and access sensitive data and assets. Such profound risk puts the issue of “who and what to trust” at the forefront of efforts to prevent cyber debt from compounding, and to build long-term cyber resilience.”

More than nine in 10 (91% – up from 70% in their 2022 report) of the organizations surveyed experienced ransomware attacks in the past year, and 55% of affected organizations reported paying-up twice or more to allow recovery, signaling that they were likely victims of double extortion campaigns.

Credential access remains the number one risk for respondents (cited by 45%), followed by defense evasion (34%), execution (34%), initial access (31%) and privilege escalation (26%).

Business critical applications e.g., revenue-generating customer-facing applications, enterprise resource planning (ERP) and financial management software – were named as the area of greatest risk due to the unknown and unmanaged identities that access them (53%). However, 70% have identity security controls in place to secure business-critical apps. 

Third parties – partners, consultants and services providers – cited as the riskiest human identity type (44%).

According to a report by cybersecurity firm Cymulate, 92% of the top 10 exposures are related to domain and email security. In 2022, the top 10 exposures detected by Cymulate showed most detected exposures were spread across domain security (59.3%) and email security (32.8%).

Read more: Pace of tech innovation like AI is inciting identity-led cybersecurity exposure leading to cyber debt

As organizations face new challenges brought on by digital transformation and AI-enabled threats, safeguarding identities and critical assets becomes paramount. With ransomware attacks on the rise, businesses are struggling with double extortion campaigns. Credential access remains the top risk, while business-critical applications and third-party entities add complexity to the security landscape.

To build long-term cyber resilience, a risk-based approach and consolidation of operations with trusted partners are essential in combating evolving cyber threats. Addressing domain and email security also remains critical in safeguarding against exposures.