The leak of personal information of more than 30 million Coupang members last year is cited as a representative case of identity (identity and access management) security failure. A former Coupang employee named as the culprit accessed the internal system using authentication keys stolen while employed, and because the permissions granted to the departed worker were not revoked, a large amount of customer information flowed out.
If an insider's account information or credentials are stolen like this, hackers do not have to break through a corporation's security wall; they can simply log in to plant malware and access sensitive information. That is why identity security is considered the first gateway of cybersecurity. It is similar to a thief disguised as a bank employee obtaining an access card, entering through the front door, and opening the vault.
According to the security industry on the 13th, identity-based cyberattacks are rampant worldwide, and corporations are expanding related investments. According to Talos, Cisco's threat intelligence organization, identity-based attacks accounted for 60% of cyberattacks in 2024.
Talos noted that "most security incidents did not occur through complex attacks using zero-day vulnerabilities or custom malware," adding, "Hackers infiltrated corporations' systems by stealing an account and simply logging in, causing serious damage."
No matter how much a corporation strengthens network and endpoint security, a single stolen account can allow penetration into the system, so identity theft, including credentials, is gaining traction as a favored attack method for cybercriminals. Hackers are stealing identities in various ways, with phishing and smishing to siphon off credentials or account information being representative methods.
Recently, "credential stuffing," in which IDs and passwords obtained on the dark web and elsewhere are indiscriminately tried across multiple sites to log in, has been rampant. Last month, attempts at credential stuffing using account information leaked from Tving, an online video service (OTT) operated by CJ ENM, were detected, and GS Retail also suffered a credential stuffing attack last year that led to the leak of personal information of 90,000 customers. Instagram also faced allegations this month that the IDs and passwords of 17 million people were leaked, and the security industry is voicing concern that the related data could be used for credential stuffing going forward.
Security experts advise that identity-based attacks such as credential stuffing are becoming faster and more sophisticated with AI, and corporations must establish security frameworks to respond. In the past, corporations only had to manage the accounts and credentials of employees and contractors, but in the AI era, nonhuman accounts such as AI agents and machine identities are widely used, making it necessary to identify who can access which data and when, and to manage permissions.
Global security giants have also made identity security a core pillar of next-generation security solutions and are moving to strengthen capabilities. U.S. cybersecurity company CrowdStrike announced on Jan. 8 that it would acquire identity security startup SGNL for about $740 million (about 1 trillion won). Founded by former Google employees, SGNL has identity security technology that grants and revokes system access to artificial intelligence (AI) agents in real time.
George Kurtz, CrowdStrike chief executive officer (CEO), said, "This acquisition will help strengthen CrowdStrike's position in the identity security market." According to market research firm Grand View Research, the identity security market is expected to grow from $15.93 billion (about 23.5 trillion won) in 2022 to $41.52 billion (about 61.2 trillion won) by 2030.
Palo Alto Networks, the world's largest security company, also expanded into the identity security field by acquiring Israel-based identity security company CyberArk in July last year. The acquisition price at the time was $25 billion (about 34.5 trillion won), the largest among mergers and acquisitions (M&A) pursued by Palo Alto to date. It is analyzed as a large-scale investment recognizing the importance of identity security.
Identity and access management (IAM) security company Okta also moved to strengthen its security portfolio last year by acquiring Axiom Security, a privileged access management (PAM) startup specialized for the cloud. Okta CEO Todd McKinnon said, "The key to security in the AI era is identity protection," adding, "For corporations to strengthen security, they must systematically protect the identities of AI agents."