CyberArk’s latest release of the 2025 State of Machine Identity Security Report casts a stark light on the growing challenges faced by organizations as they grapple with an unprecedented surge in machine identities. The report reveals that as certificates, keys, secrets, and access tokens proliferate in tandem with rapid advancements in artificial intelligence and cloud-native innovations, security incidents linked to these non-human identities are escalating in both frequency and complexity. An overwhelming 72% of organizations have endured at least one certificate-related outage in the past year, with incidents occurring as frequently as monthly for 67% of respondents and weekly for 45%, a dramatic leap compared to previous years. These outages have not only disrupted operations but also exposed businesses to significant risks and financial losses, highlighting the urgent need for robust and comprehensive security strategies.
The research, based on a survey of more than 1,200 security leaders across several countries, underscores the substantial impact of compromised machine identities on business operations. With half of the respondents reporting security breaches tied to these identities, the consequences have included delays in launching applications, interruptions in customer services, and unauthorized access to sensitive data. Moreover, machine identities have rapidly outnumbered human identities within organizations, with 79% of security leaders anticipating an increase of up to 150% in the coming year, which adds layers of complexity and challenges to traditional security frameworks. As artificial intelligence systems become increasingly targeted, 81% of security professionals believe that machine identity security will be paramount in safeguarding future AI applications, with nearly 80% emphasizing the need for enhanced authentication and authorization measures to protect against potential manipulation or theft.
The report also highlights the shortcomings in current security practices, revealing that while an overwhelming majority of organizations have implemented some form of machine identity security program, many of these initiatives remain immature and fragmented. The lack of a cohesive strategy, coupled with the challenges of managing shorter machine identity lifecycles, leaves organizations vulnerable to exploitation by cybercriminals. Responsibilities are often scattered across security, development, and platform teams, creating silos that hinder effective risk management. Kurt Sand, GM of Machine Identity Security at CyberArk, aptly notes that machine identities will continue to skyrocket over the next year, introducing not only greater complexity but also increased risks, as cybercriminals shift their focus to exploiting API keys, code signing certificates, and other non-human identities to compromise critical infrastructures. This research serves as a clarion call for security leaders to reexamine and fortify their machine identity strategies in order to prevent costly outages and breaches in an increasingly interconnected and dynamic threat landscape.
Leave a Reply