Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Australian orgs struggling under the weight of identity-related breaches

Australia has ranked second in the world for breaches involving credential theft, supply chain, and third-party breaches – and artificial intelligence (AI) may be to blame.

user icon David Hollingworth
Tue, 21 May 2024
Australian orgs struggling under the weight of identity-related breaches
expand image

Identity-related breaches are plaguing Australian organisations, with 99 per cent of those surveyed for a new report admitting to two – or even more – breaches relating to credential theft in the last year.

CyberArk’s 2024 Identity Security Threat Landscape Report paints a global picture, but the local landscape is stark.

According to the report, Australia is the second-most breached country in the world when it comes to credential theft, third-party attacks, and supply chain incidents.

============
============

Digging deeper, 88 per cent of Australian organisations reported cyber incidents relating to identity theft impacting third-party vendors, again the second-highest globally, while 79 per cent experienced a similar incident somewhere in their supply chain.

The core of the issue appears to be in how organisations define a “user”. With AI adoption, and the use of large language models alongside AI, many network users are not actually human. Only 62 per cent of organisations polled consider a privileged user as “human only”, while 38 per cent of organisations define all users with “sensitive access” – whether human or AI – under the same umbrella.

At the same time, many Australian entities are reaching towards the cloud and software-as-a-service business models, which means more and more need for digital identities.

Considering that the report found that every Australian organisation polled was now using AI as part of their cyber security toolkit, the scope of the challenge becomes clear – credential proliferation is a problem.

Thomas Fikentscher, area vice-president for ANZ at CyberArk, sees the situation as one where steps are being taken in the right direction, but one where backward steps are still being taken.

“Driven by legislation, organisations are investing more in cyber security. Yet, many other challenges remain. Leaders are faced with managing compliance and risk, the shortage of skilled staff, as well as insufficient buy-in from developers and engineers,” Fikentscher said in a statement.

“Companies must act now, especially around AI and the use of machine IDs. In addition, we see third- and fourth-party risks coming to the fore, especially in critical infrastructure. More collaboration is needed between CIOs, CTOs, developers and security teams to effectively minimise these cyber threats.”

You can read the full 2024 Identity Security Threat Landscape Report here.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.