
A practical guide to AI-ready machine identity governance in finance

Across financial services operations, machine identities play critical roles, but in many organizations, these cryptographic keys, API tokens, certificates, and service accounts remain chronically under-governed. What’s more, machine identities outnumber human identities by staggering margins, creating a massive, often unseen, unsecured attack surface—one that’s only further compounded by the rise of artificial intelligence (AI).

The AI revolution in financial cybersecurity

Financial cybersecurity has never been a static discipline. Over two decades in this industry, I’ve seen it transform from a compliance checkbox to a cornerstone of business resilience—usually after a painful lesson. Today, we’re heading into the most significant paradigm shift for financial security since online banking: the convergence of artificial intelligence and machine identity governance.

Is autofill safe? Clickjacking risks and security tradeoffs explained

When new security research hits the headlines, it often sparks a predictable wave of worry: should we turn off features we rely on? Should we rethink basic workflows? That’s exactly the case with recent findings that highlight how clickjacking techniques can exploit password manager autofill behavior.

EP 15 - Why banks need to treat machine identities like VIPs

In this episode of Security Matters, host David Puner speaks with Andy Parsons, CyberArk’s Director of EMEA Financial Services and Insurance, whose career spans from the British Army to CISO and CTO roles in global financial institutions. Andy shares hard-earned lessons on leadership, risk management, and the evolving cybersecurity landscape in banking—from insider threats to machine identity governance and the rise of agentic AI.

Why secret sprawl may be your biggest security threat (and how to help fix it)

Picture this: You’re having your morning coffee when your phone buzzes with the kind of alert that makes security professionals break into a cold sweat. A single API key, leaked on GitHub months ago, has just given attackers a VIP pass to your entire infrastructure. Sound familiar? It should. The 2024 U.S. Treasury breach started exactly this way. One compromised machine identity opened the floodgates.

Defeating Microsoft EPM in the Race to Admin: a Tale of a LPE vulnerability

Not too long ago I read an interesting blogpost by SpecterOps about Microsoft EPM that got my attention as I was not aware of this Microsoft product/feature. It was interesting to learn that Microsoft expanded into the realm of Endpoint Privilege Management and since this means that there must be some service/driver running with high privileges that elevates low-privileged processes, I thought there could be potential vulnerabilities and bugs.

Cheaters never win: large-scale campaign targets gamers who cheat with StealC and cryptojacking

A sprawling cyber campaign is turning gamers’ hunger to gain an edge into a massive payday for threat actors who are leveraging over 250 malware samples to steal credentials and cryptocurrencies. The operation has already netted wallets containing more than US$135,000. In this blog post, we will delve into a specific infection instance, explore its mechanisms, and share indicators of compromise (IoCs).

Salesloft Drift incident overview and CyberArk's response

It was recently reported that Salesloft’s Drift application was breached, allowing unauthorized access to its customers’ Salesforce data and affecting hundreds of organizations, including CyberArk. Upon learning of this incident, we quickly deployed threat containment measures, including terminating our Salesforce–Drift connection; disabling the Drift application and revoking all related user credentials; and rotating all Salesforce integration credentials.

Securing cloud console and CLI access for agile software development

Fast-moving cloud environments demand speed, but without the right access controls they invite risk. Resources such as virtual machines, containers, and services are created, modified, and terminated at a rapid pace. At the same time, workloads are becoming increasingly distributed, with data and applications spanning multiple regions, accounts, and even across different cloud service providers (CSPs).