At least 93 per cent of Indian organizations had two or more identity-related breaches in the past year, according to a report by CyberArk, an identity security company. 

While the quantity of both human and machine identities is growing quickly, the report found that security professionals rate machines as the riskiest identity type. In part due to widespread adoption of multi-cloud strategies and growing utilisation of AI-related programs like Large Language Models, machine identities are being created in vast numbers. 

Many of these identities require sensitive or privileged access. However, contrary to how human access to sensitive data is managed, machine identities often lack identity security controls, and therefore represent a widespread and potent threat vector ready to be exploited, the report noted. 

Machine identities are the top cause of identity growth and are considered by respondents to be the riskiest identity type. 50 per cent of organizations expect identities to grow three times in the next 12 months. Further, 53 per cent of organizations define a privileged user as human-only, and 46 per cent of organisations define all human and machine identities with sensitive access as privileged users. In the next 12 months, 83 per cent of organisations will use three or more Cloud Service Providers (CSPs), according to the report. 

“As we navigate this landscape, the report illuminates the urgent need to bridge the gap between human and machine identity security. The reliance on AI in cyber defense becomes not just a strategic advantage but a necessity in combating AI-driven threats. In this era of increasing cyber risk, it is imperative that we unify our defenses, harnessing the power of AI while nurturing a culture of vigilance to safeguard against the ever-evolving threats to our digital identities,” Rohan Vaidya, Area Vice President, India & SAARC at CyberArk.

The report found that nearly all (99 per cent) of organizations are using AI in cybersecurity defense initiatives. Furthermore, the report predicts an increase in the volume and sophistication of identity-related attacks, as skilled and unskilled bad actors also increase their capabilities, including AI-powered malware and phishing. 

In related findings, counter to expectations, the majority of respondents are confident that deepfakes targeting their organisation won’t fool their employees. 93 per cent of respondents expect AI-powered tools to create cyber risk for their organisation in the coming year. Further, 84 per cent are confident that their employees can identify deepfakes of their organisational leadership, and 88 per cent organisations have been a victim of a successful identity-related breach due to a phishing or vishing attack, according to the report.