Posted by Joyce Ling
December 11, 2024
Identity-based attacks are now the leading cause of cybersecurity breaches, targeting both human and machine identities. In a fireside chat with Akeyless CEO Oded Hareven, Ross Young, former CISO of Caterpillar Financial and CISO-in-residence at Team8, explored the key reasons behind this trend and shared actionable strategies for CISOs to mitigate the risks. Below is a curated summary of their conversation.
The Shifting Landscape of Cyber Threats
Oded Hareven: Ross, what major trends have you observed in cyberattacks over your career?
Ross Young: Attackers continuously evolve their methods. Initially, they focused on phishing users. Then, they targeted developers to steal bulk data. Now, with everything moving to the cloud, attackers aim at cloud resources to steal data. While phishing remains a constant, adversaries are always looking for the easiest entry point. Tools like ChatGPT have elevated the sophistication of phishing campaigns, making them more convincing than ever.
Oded Hareven: So, despite advancements, attackers are becoming more effective?
Ross Young: Exactly. While we’ve improved email security and other defenses, attackers are getting smarter and adapting quickly. This forces us to stay ahead of the curve.
The Role of Identity in Modern Security
Oded Hareven: Identity has become central to cybersecurity. Why is this focus growing?
Ross Young: The perimeter has fundamentally changed. During COVID-19, remote work turned every home into a potential endpoint, making traditional network-based security less effective. Additionally, identity now extends beyond humans to machines. Tools like Jenkins and others used in DevOps environments hold admin-level access and, if compromised, can allow attackers to laterally move across entire organizations. Understanding and securing both human and machine identities is critical.
Secrets Sprawl and Its Impact on Identity Attacks
Oded Hareven: Automation has transformed DevOps, but it’s also created new risks. How does secrets sprawl contribute to identity-based attacks?
Ross Young: Automation enables a single developer to manage thousands of machines, but it also spreads secrets like API keys and SSH credentials across multiple systems. If these secrets aren’t rotated frequently or made ephemeral, attackers can exploit them. For example, if credentials are valid for 90 days or longer, attackers have a large window to operate undetected. Moving to ephemeral keys or rotating them daily reduces this risk significantly.
Oded Hareven: Are traditional tools like privileged access management (PAM) sufficient to address these challenges?
Ross Young: No. PAM tools weren’t designed for dynamic environments like containers or infrastructure-as-code. Modern environments require solutions that can handle the velocity and complexity of secrets in DevOps workflows.
The Rise of Machine Identities
Oded Hareven: The number of machine identities has exploded. How does this impact cybersecurity?
Ross Young: Machine identities now far outnumber human identities, creating a massive attack surface. Each identity needs to be secured, inventoried, and rotated. However, many organizations fail to rotate keys and certificates frequently enough, leaving them vulnerable. The rapid growth in machine identities—combined with the shift to microservices and containerization—adds complexity that attackers exploit.
Key Strategies for Mitigating Identity-Based Attacks
Oded Hareven: What can organizations do to address these challenges?
Ross Young: There are a few key strategies:
- Rotate Credentials Frequently: Reduce dwell time for attackers by rotating secrets daily or using ephemeral credentials valid for only a few hours.
- Implement Zero-Knowledge Solutions: Use technologies like Akeyless’s Distributed Fragments Cryptography to ensure that even the provider doesn’t have full access to encryption keys.
- Adopt SaaS for Scalability: SaaS solutions reduce maintenance costs and improve efficiency, allowing organizations to focus on securing their environments without heavy infrastructure overhead.
- Educate Developers: Train developers to avoid embedding secrets in source code and to embrace tools that automate secrets management.
Closing Thoughts
Oded Hareven: Ross, any final advice for CISOs?
Ross Young: Identity-based attacks are the number one threat today and will continue to grow. With 45 times more machine identities than human ones, the stakes are higher than ever. CISOs must prioritize inventorying identities, securing secrets, and embracing automation and ephemeral solutions to stay ahead.
Oded Hareven: Thank you, Ross. How can people connect with you?
Ross Young: You can find me on LinkedIn or follow Team8 events to stay updated.
By understanding the factors driving the rise in identity-based attacks and adopting proactive strategies, CISOs can better protect their organizations in today’s complex cybersecurity landscape. Explore how Akeyless can help unify and secure your secrets and identities.
About Akeyless
Trusted by Fortune 100 companies and industry leaders, Akeyless is redefining identity security for the modern enterprise, delivering the world’s first unified Secrets & Machine Identity platform designed to prevent the #1 cause of breaches – compromised identities and secrets. Backed by the world’s leading cybersecurity investors and global financial institutions including JVP, Team8, NGP Capital and Deutsche Bank, Akeyless Security delivers a cloud-native SaaS platform that integrates Vaultless® Secrets Management with Certificate Lifecycle Management, Next Gen Privileged Access Management (Secure Remote Access), Encryption and Key Management Services (KMS) to manage the lifecycle of all non-human identities and secrets across all environments.