Identities - both human and machine - are at the heart of nearly all attacks. Three-fourths of identities in Indian organisations require sensitive access to perform their roles and are a favoured attack vector as a result. This is where identity security comes in. Identity security is a comprehensive solution for securing all identities within the enterprise. It detects and prevents identity-driven breaches, especially when adversaries manage to bypass endpoint security measures.

Identity security: What are the latest trends? 

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

According to a CyberArk survey, all (100 per cent) Indian organisations expect identity-related compromise this year, stemming from economic-driven cutbacks, geopolitical factors, cloud adoption and hybrid working. A majority (84 per cent) say this will happen as part of a digital transformation initiative such as cloud adoption or legacy app migration. 

Credential access remains the #1 risk for respondents (cited by 45 per cent), followed by defence evasion (34 per cent), execution (34 per cent), initial access (31 per cent) and privilege escalation (26 per cent).

What is identity compliance and how important is it in today's cybersecurity landscape?

Identity compliance involves ensuring that an organisation's employees and users adhere to internal and external regulations and policies. According to Rohan Vaidya - Regional Director, India & SAARC, CyberArk - data breaches and cyber-attacks are becoming more frequent and sophisticated in today's cybersecurity landscape and this is why identity compliance helps organisations identify and prevent security risks and vulnerabilities by enforcing proper access controls and verifying the identity of users. 

ALSO READ | How ChatGPT-4 is revolutionising tech experience - Check out details

"Compliance with regulations such as GDPR and CCPA is also crucial to avoid costly penalties and reputational damage. CyberArk's solutions for identity compliance focus on privileged access management, managing and monitoring user activity, and implementing strong authentication and authorization policies. The end goal is to minimize the risk of insider threats and external attacks by ensuring that each user only has access to the specific resources they need to perform their job functions securely. Ultimately, ensuring identity compliance is crucial for protecting sensitive information, maintaining regulatory compliance, and safeguarding an organization’s overall security posture," Vaidya said.

Challenges AI-powered chatbots like ChatGPT pose 

ChatGPT is an AI-powered chatbot designed to mimic human interaction and respond to text-based queries. Attackers use this technology to manipulate unsuspecting employees into revealing sensitive information or performing unauthorized actions. Hackers can leverage social engineering techniques such as spear-phishing to trick employees into interacting with a ChatGPT-based chatbot, which can result in data breaches or other cyber-attacks. Traditional cybersecurity tools may not be able to detect these types of attacks effectively. Tools that rely on predefined rules or signatures may not be adaptable enough to recognize the subtle nuances of social engineering attacks, including those via ChatGPT.

What is cyber insurance and why are businesses opting for it?

Cyber insurance or cyber liability insurance, is a type of insurance that offers financial protection against various cyber-related risks and data breaches. It can help businesses to cover the costs involved in investigating, recovering, and responding to a cyber-attack or data breach. 

ALSO READ | Transforming HR: How conversational AI is simplifying operations

"More than nine in 10 organizations (91 per cent) experienced ransomware attacks in the past year, and 55 per cent of affected organizations reported paying up twice or more to allow recovery, signalling that they were likely victims of double extortion campaigns. 92 per cent of Indian organisations feel code/ malware injection into their software supply chain is one of the biggest security threats their organisations face. This certainly has an impact on insurability: 30 per cent of organizations got a 2023 cyber insurance policy at a higher premium than last year. One ransomware attack is enough to send cybersecurity insurance through the roof – if the organization can get coverage at all. This is why it is important for organisations to leverage a defence-in-depth strategy centred on Identity Security to improve their security posture," Vaidya said.