The leak of personal data of more than 30 million Coupang members last year is cited as a representative case of identity (identity and access management) security failure. A former Coupang employee identified as the culprit used authentication keys stolen while on the job to access internal systems, and because the permissions granted to the departed worker were not revoked, a large amount of customer information flowed out.
By stealing insiders' account information or credentials, hackers can simply log in to plant malware and access sensitive information without having to breach a corporation's security perimeter. Identity security is considered the first gateway to cybersecurity. It is similar to a thief posing as a bank employee obtaining an access card, walking through the front door, and opening the vault.
According to the security industry on the 13th, identity-based cyberattacks are surging worldwide, and corporations are increasing related investments. According to Cisco's threat intelligence group Talos, identity-based attacks accounted for 60% of cyberattacks that occurred in 2024.
Talos said, "Most security incidents did not occur through complex attacks using zero-day vulnerabilities or custom malware," and noted, "Hackers infiltrated corporations' systems by stealing an account and simply logging in, causing serious damage."
No matter how much a corporation strengthens network and endpoint security, a single stolen account can allow infiltration into the system, so identity theft, including credentials, is gaining traction as a preferred attack method among cybercriminals. Hackers are stealing identities in various ways, with phishing and smishing to siphon off credentials or account information being representative methods.
Recently, "credential stuffing," which involves indiscriminately entering IDs and passwords obtained on the dark web and elsewhere into multiple sites to attempt logins, has also been rampant. Last month, attempts at credential stuffing attacks using account information leaked from Tving, the online video service (OTT) run by CJ ENM, were detected, and GS Retail also suffered a credential stuffing attack last year that led to the leak of personal data of 90,000 customers. Instagram also faced allegations this month that IDs and passwords of 17 million people were leaked, and the security industry is voicing concern that the related information could later be used for credential stuffing.
Security experts say identity-based attacks such as credential stuffing are becoming faster and more sophisticated with AI, and corporations should establish security frameworks to respond. In the past, corporations only had to manage the accounts and credentials of employees and contractors, but in the AI era, nonhuman accounts such as AI agents and machine identities are widely used, making it necessary to identify who can access what data and when, and to manage permissions.
Global security giants are also making identity security a core pillar of next-generation security solutions and moving to strengthen capabilities. U.S. cybersecurity corporation CrowdStrike announced on Jan. 8 that it would acquire identity security startup SGNL for about $740 million (about 1 trillion won). Founded by former Google employees, SGNL has identity security technology that grants and revokes system access for artificial intelligence (AI) agents in real time.
CrowdStrike CEO George Kurtz said, "This acquisition will help strengthen CrowdStrike's position in the identity security market." According to market research firm Grand View Research, the identity security market size is expected to grow from $15.93 billion (about 23.5 trillion won) in 2022 to $41.52 billion (about 61.2 trillion won) by 2030.
Palo Alto Networks, the world's largest security corporation, also expanded into the identity security field by acquiring Israel-based identity security corporation CyberArk in July last year. The acquisition price at the time was $25 billion (about 34.5 trillion won), the largest among mergers and acquisitions (M&A) pursued by Palo Alto to date. It is analyzed as a large-scale investment recognizing the importance of identity security.
Identity and access management (IAM) security corporation Okta also moved to strengthen its security portfolio last year by acquiring Axiom Security, a privileged access management (PAM) startup specialized for the cloud. Okta CEO Todd McKinnon said, "The key to security in the AI era is identity protection," adding, "For corporations to strengthen security, they must systematically protect the identities of AI agents."