NEVERHACK Estonia
3 Apr 2025
In a digital era where identities—human and machine alike—are under constant threat, are we doing enough to protect them?
In today’s hyperconnected digital world, identity has become the new cybersecurity perimeter—and it’s under attack like never before. In the latest episode of CyberCast, host Ronny Jaanhold is joined by Bartosz Krynski, Solutions Engineering Team Lead at CyberArk, to explore one of the most urgent topics in cybersecurity: the explosion of machine identities and the rising need for zero trust strategies.
With decades of experience in identity security, Krynski brings clarity to a rapidly evolving landscape where the line between human and machine access is increasingly blurred. He shares that for every one human identity in an organization, there are now an average of 45 machine identities—a number that’s growing exponentially as automation, cloud services, and microservices become the norm. These identities—APIs, bots, containers, and applications—often carry powerful access rights and operate with minimal oversight, making them ideal entry points for attackers.
Throughout the conversation, Krynski underscores how traditional password-based security is no longer sufficient. Relying solely on usernames and passwords creates vulnerabilities that cybercriminals are quick to exploit. Multi-factor authentication (MFA), biometric verification, and certificate-based trust models are now essential for both human and machine authentication.
The episode also dives into the consequences of poor identity management. From real-world ransomware attacks that start with compromised credentials to organizations being brought to a standstill due to expired TLS certificates, Krynski emphasizes that the risks are not just theoretical—they’re happening every day.
One particularly alarming insight involves the human cost of identity compromise. With the rise of social engineering and AI-powered manipulation, attackers can now easily craft fake messages, clone social media accounts, or generate convincing deepfakes to damage reputations and steal access. This is especially concerning for younger generations, who are more exposed to digital identity risks through social platforms.
Krynski also highlights how digital transformation is reshaping IT environments. As businesses shift to multi-cloud infrastructures and adopt hundreds of SaaS applications, identity becomes the one constant that spans every system. This makes identity not only the first line of defence—but also the most likely point of failure if left unsecured.
A key takeaway from the discussion is that automation must be done securely. Developers, for instance, may not have direct access to production data, but if their code or deployment pipelines are compromised, the damage can be widespread—as seen in supply chain attacks like SolarWinds. This calls for robust secrets management and certificate lifecycle automation.
The message is clear: identity security must evolve, and fast. Whether you’re securing humans, machines, or both, organizations need unified strategies that go beyond the basics. From implementing zero trust principles to auditing machine credentials and enforcing least-privilege access, this episode is packed with practical advice for IT and security professionals looking to stay ahead of the threat curve.
If you want to understand why identity—especially machine identity—is the new battleground in cybersecurity, this episode is a must-listen.