IT Brief New Zealand - Technology news for CIOs & IT decision-makers

Experts urge strong identity measures as password risks grow

Today

As World Password Day approaches, cyber security experts are urging organisations to rethink their approach to password management and consider both human and machine identity risks. The calls for action arrive as instances of credential theft and breaches involving digital identities continue to rise, affecting both individuals and enterprises across Australia, New Zealand, and worldwide.

According to Olly Stimpson, Senior Security Strategy Adviser for ANZ at CyberArk, the growing intersection of personal and professional digital identities is blurring boundaries and exacerbating security challenges. "As the boundaries between our personal and professional lives continue to blur, World Password Day is a timely reminder that this convergence extends to how we manage passwords," Stimpson said.

Stimpson highlighted password reuse as a key vulnerability, warning that a single compromised credential—reused across both personal and corporate accounts—can expose entire organisations to significant risk. "Credential theft remains one of the most frequent identity-related breaches," he noted. "The recent superannuation funds incident serves as yet another example of the inherent weakness of passwords as a standalone form of authentication." He added that such incidents should not be seen as isolated but rather as part of a broader, escalating trend, where breaches can have a cascading effect across interconnected organisations and supply chains.

Stimpson advocated for the adoption of multi-factor authentication (MFA) and, where possible, passwordless technologies such as passkeys. He stressed that businesses should prioritise stronger authentication methods and adopt short-lived, federated access models, advising that such standards apply equally to both human users and machine identities. "The risk of a domino effect is real. One identity compromise can lead to many more, with CISA already warning of downstream impact of lost credential material from the recent breach of Oracle Cloud," he stated.

These warnings were echoed and extended by Chern-Yue Boey, SVP and GM APJ at SailPoint, who drew attention to the rapidly growing landscape of machine identities and the increasing use of AI agents within organisations. Boey warned, "Today, 70% of organisations manage more machine identities than human ones. Yet over half admit these non-human identities are misconfigured, exposing them to breaches, downtime and financial risk." He argued that securing credentials for machine identities—such as API keys, tokens, and certificates—should now be considered foundational to both risk management and business continuity.

SailPoint's own research indicates that the digital shift towards automated and AI-driven solutions will only deepen in coming years. "Gartner estimates that by 2028, a third of enterprise software applications will include agentic AI, which is expected to manage 15% of day-to-day work decisions autonomously," Boey said. He added that more than half of companies surveyed have reported inappropriate access being granted to non-human identities, and that breaches in this area can cause operational outages, reputational damage, and delays in business initiatives.

To address these risks, Boey recommended best-in-class identity security measures, including regular rotation and revocation of credentials for machine identities, enforcement of strong cryptographic keys, and deployment of automated credential management with real-time monitoring. He also stressed the need for comprehensive governance over AI agents, given their capability to access and process sensitive data autonomously. "As they operate autonomously and require access to multiple data sources and systems to function effectively, it is crucial that they are managed with the same degree of visibility, governance, and control as human and machine identities," Boey stated.

Both experts conclude that the threat landscape has evolved, making identity security a critical component for organisational resilience. The message is clear: with the increasing prevalence of digital identities—whether human, machine, or AI—robust, innovative, and proactive approaches to credential and access management are essential. The stakes, they emphasise, now extend beyond IT departments to touch on operational continuity and the overall health of modern enterprises.
