CyberArk Explains Why Machine Identities Are the New Attack Surface

Episode notes

What happens when there are 100 machine identities for every human one in your organisation? This is not a prediction for the future. It is the world we are already operating in, and the implications are profound. In this episode of Business of Cybersecurity, I speak with David Higgins, Senior Director at CyberArk, about how AI agents, autonomous systems, and the sheer scale of machine credentials in the enterprise are reshaping identity security. We discuss why password reuse, unsecured personal devices, and skipped updates remain stubbornly common even though awareness training has been around for decades. David explains that the issue is rarely laziness. Instead, it is often a lack of secure and practical alternatives that still fit the way people work. We dig into how phishing and social engineering tactics have evolved, with AI enabling deepfake audio and video that can pass casual inspection, and how attackers are increasingly bypassing tech-savvy users entirely by targeting helpdesks and third-party support teams. We also look at the commoditisation of stolen credentials and why buying access on the dark web can now be easier than running a phishing campaign.